RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-30 11:37:44 +00:00
Code Issues Activity

Add fail2ban jails for more services

Browse source
This commit is contained in:
RGBCube 2024-01-15 20:46:35 +03:00
parent e57c3bfe16
commit 5d9c2c07fe
No known key found for this signature in database
5 changed files with 19 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/cube/grafana.nix
View file

@ -8,6 +8,11 @@ in serverSystemConfiguration {
age.secrets."cube/password.grafana".owner = "grafana"; age.secrets."cube/password.grafana".owner = "grafana";
age.secrets."cube/password.mail.grafana".owner = "grafana"; age.secrets."cube/password.mail.grafana".owner = "grafana";
services.fail2ban.jails.grafana.settings = {
filter = "grafana";
maxretry = 3;
};
systemd.services.grafana.requires = [ "postgresql.service" ]; systemd.services.grafana.requires = [ "postgresql.service" ];
services.grafana = enabled { services.grafana = enabled {

12
hosts/cube/mail.nix
View file

@ -20,6 +20,18 @@ in serverSystemConfiguration {
}]; }];
}]; }];
services.fail2ban.jails = {
dovecot.settings = {
filter = "dovecot";
maxretry = 3;
};
postfix.settings = {
filter = "postfix";
maxretry = 3;
};
};
services.kresd.listenPlain = lib.mkForce [ "[::]:53" "0.0.0.0:53" ]; services.kresd.listenPlain = lib.mkForce [ "[::]:53" "0.0.0.0:53" ];
services.redis.servers.rspamd.bind = "0.0.0.0"; services.redis.servers.rspamd.bind = "0.0.0.0";

2
hosts/cube/nextcloud.nix
View file

@ -6,7 +6,6 @@ let
fqdn = "cloud.${domain}"; fqdn = "cloud.${domain}";
in serverSystemConfiguration { in serverSystemConfiguration {
age.secrets."cube/password.nextcloud".owner = "nextcloud"; age.secrets."cube/password.nextcloud".owner = "nextcloud";
age.secrets."cube/password.mail.nextcloud".owner = "nextcloud";
systemd.services.nextcloud-setup.requires = [ "postgresql.service" ]; systemd.services.nextcloud-setup.requires = [ "postgresql.service" ];
@ -24,7 +23,6 @@ in serverSystemConfiguration {
config.dbhost = "/run/postgresql"; config.dbhost = "/run/postgresql";
config.dbtype = "pgsql"; config.dbtype = "pgsql";
secretFile = config.age.secrets."cube/password.mail.nextcloud".path;
extraOptions = { extraOptions = {
default_phone_region = "TR"; default_phone_region = "TR";

5
secrets/cube/password.mail.nextcloud.age
View file

@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw Sum+2HU7J6lXA4gbBl+mYj2L+D4tqtjHGdMl2RHiNGY
8Kw+f0Fzl0jhhkm6EuLqVQNGpyRjZL3xK9ldXugOMZs
--- wGiZJTQeisiVaEClE23WnfnkHOf9tV56KbQks/2JrOs
ºÍ£½´6íþŽÀŽ J©®/ÞdÔøÄÌ :cÍè<C38D> í{n)ÎM7Aõsî1ÕXö¯Qqx €Õ_«*] '€›´ÂÃèã

5
secrets/secrets.nix
View file

@ -11,10 +11,9 @@ rec {
"cube/password.acme.age".publicKeys = [ keys.cube ]; "cube/password.acme.age".publicKeys = [ keys.cube ];
"cube/password.mail.grafana.age".publicKeys = [ keys.cube ];
"cube/password.mail.nextcloud.age".publicKeys = [ keys.cube ];
"cube/password.grafana.age".publicKeys = [ keys.cube ]; "cube/password.grafana.age".publicKeys = [ keys.cube ];
"cube/password.mail.grafana.age".publicKeys = [ keys.cube ];
"cube/password.nextcloud.age".publicKeys = [ keys.cube ]; "cube/password.nextcloud.age".publicKeys = [ keys.cube ];
"enka/password.hash.orhan.age".publicKeys = [ keys.rgbcube ]; "enka/password.hash.orhan.age".publicKeys = [ keys.rgbcube ];