diff --git a/flake.nix b/flake.nix
index 9d16c52..a998aa4 100755
--- a/flake.nix
+++ b/flake.nix
@@ -58,9 +58,6 @@
 ./modules/gitea.nix
 ./modules/fail2ban.nix
 ./modules/kanboard.nix
- ./modules/infoscreen.nix
- ./modules/manual.nix
- ./modules/sharepic.nix
 {
 sops.defaultSopsFile = ./secrets/quitte.yaml;
 }
diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix
index f9d8183..1e4da49 100644
--- a/modules/fail2ban.nix
+++ b/modules/fail2ban.nix
@@ -9,6 +9,17 @@
 bantime = 25h
 action = iptables-allports[name=fail2banTOR, protocol=all]
 '';
+ dovecot = ''
+ enabled = true
+ # aggressive mode to add blocking for aborted connections
+ filter = dovecot[mode=aggressive]
+ maxretry = 3
+ '';
+ postfix = ''
+ enabled = true
+ filter = postfix[mode=aggressive]
+ maxretry = 3
+ '';
 };
 };
diff --git a/modules/infoscreen.nix b/modules/infoscreen.nix
deleted file mode 100644
index 389c440..0000000
--- a/modules/infoscreen.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, config, lib, ... }:
-let
- domain = "infoscreen.${config.networking.domain}";
-in
-{
- services.nginx = {
- enable = true;
- virtualHosts."${domain}" = {
- addSSL = true;
- enableACME = true;
- root = "/srv/web/infoscreen/dist";
- };
- };
-}
diff --git a/modules/manual.nix b/modules/manual.nix
deleted file mode 100644
index ab58e76..0000000
--- a/modules/manual.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, config, lib, ... }:
-let
- domain = "manual.${config.networking.domain}";
-in
-{
- services.nginx = {
- enable = true;
- virtualHosts."${domain}" = {
- addSSL = true;
- enableACME = true;
- root = "/srv/web/manual-website/site";
- };
- };
-}
diff --git a/modules/sharepic.nix b/modules/sharepic.nix
deleted file mode 100644
index 765def0..0000000
--- a/modules/sharepic.nix
+++ /dev/null
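Review bot: The new `dovecot` and `postfix` jails in modules/fail2ban.nix set only `enabled`, `filter` and `maxretry`, so their ban duration, counting window and ban action come from defaults this diff does not show, whereas the jail just above them pins `bantime = 25h` and an all-ports action. Per the comment in the hunk, `mode=aggressive` also counts aborted connections, so with `maxretry = 3` a legitimate relay, mail client or monitoring probe that drops a few sessions could presumably lock itself out. I would state the window and duration explicitly in both jails (`findtime = <window>`, `bantime = <duration>`), confirm that trusted peers are covered by `ignoreip`, and check after deployment with `fail2ban-client status dovecot` and `fail2ban-client status postfix` that each filter actually matches this host's log source. The `postfix` jail should also carry the explanatory comment that `dovecot` has, e.g. `# aggressive mode also counts aborted connections`. The enclosing attribute set starts above the hunk, so the defaults may already be set there or elsewhere in the module.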
@@ -1,62 +0,0 @@
-{ pkgs, config, lib, ... }:
-let
- domain = "sharepic.${config.networking.domain}";
- user = "sharepic";
- group = "sharepic";
-in
-{
- users.users.${user} = {
- group = group;
- isSystemUser = true;
- };
- users.groups.${group} = { };
-
- services.phpfpm.pools.sharepic = {
- user = "sharepic";
- group = "sharepic";
- settings = {
- "listen.owner" = config.services.nginx.user;
- "pm" = "dynamic";
- "pm.max_children" = 32;
- "pm.max_requests" = 500;
- "pm.start_servers" = 2;
- "pm.min_spare_servers" = 2;
- "pm.max_spare_servers" = 5;
- "php_admin_value[error_log]" = "stderr";
- "php_admin_flag[log_errors]" = true;
- "catch_workers_output" = true;
- };
- phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
- };
-
- services.nginx = {
- enable = true;
-
- virtualHosts."${domain}" = {
- addSSL = true;
- enableACME = true;
- root = "/srv/web/sharepic";
- extraConfig = ''
- index index.php index.html;
- '';
-
- locations = {
- "/" = {
- tryFiles = "$uri $uri/ =404";
- };
- "~ \.php$" = {
- extraConfig = ''
- try_files $uri =404;
- fastcgi_pass unix:${config.services.phpfpm.pools.sharepic.socket};
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_index index.php;
- include ${pkgs.nginx}/conf/fastcgi_params;
- include ${pkgs.nginx}/conf/fastcgi.conf;
- fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
- '';
- };
- "/data".return = "403";
- };
- };
- };
-}