AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: AtaraxiaDev:1ef8a396137d750cd2feb89ebdff39edfac4780b
Branches Tags
AtaraxiaDev:master
AtaraxiaDev:dev-v2
...
compare: AtaraxiaDev:26853a4200611270246ea3b49ef3659b16d7146d
Branches Tags
AtaraxiaDev:dev-v2
AtaraxiaDev:master

2 Commits
1ef8a39613 ... 26853a4200

Author SHA1 Message Date
Dmitriy Kholkin
26853a4200
fix proxy secret 2025-03-07 13:05:43 +03:00
Dmitriy Kholkin
88b6b6e2ab
add fail2ban to nixos-vps 2025-03-07 13:03:00 +03:00
2 changed files with 27 additions and 5 deletions
Show Stats Expand all files Collapse all files

26
machines/NixOS-FI-VPS/default.nix
View File

@ -180,15 +180,37 @@
};
systemd.coredump.enable = false;
# Users
services.openssh = {
enable = true;
settings.LogLevel = "VERBOSE";
settings.PasswordAuthentication = false;
settings.PermitRootLogin = lib.mkForce "prohibit-password";
settings.X11Forwarding = false;
extraConfig = "StreamLocalBindUnlink yes";
ports = [ 22 ];
ports = [ 32323 ];
};
services.fail2ban = {
enable = true;
maxretry = 3;
bantime = "2h";
bantime-increment = {
enable = true;
maxtime = "72h";
overalljails = true;
};
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
jails = {
sshd.settings = {
backend = "systemd";
mode = "aggressive";
};
};
};
# Users
users.mutableUsers = false;
users.users = {
${config.mainuser} = {

6
secrets/proxy.yaml
View File

File diff suppressed because one or more lines are too long