AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: AtaraxiaDev:f1662b7a1f30103f0425f618fd760cc4fd2ad029
Branches Tags
AtaraxiaDev:master
AtaraxiaDev:dev-v2
...
compare: AtaraxiaDev:6deeabb37eef1a6178aee8c46e045218531d9c8a
Branches Tags
AtaraxiaDev:master
AtaraxiaDev:dev-v2

2 Commits
f1662b7a1f ... 6deeabb37e

Author SHA1 Message Date
Dmitriy Kholkin
6deeabb37e
fix proxy secret 2025-03-07 13:00:52 +03:00
Dmitriy Kholkin
2549dfd3e0
add fail2ban to nixos-vps 2025-03-07 13:00:41 +03:00
2 changed files with 27 additions and 5 deletions
Show Stats Expand all files Collapse all files

26
machines/NixOS-FI-VPS/default.nix
View File

@ -180,15 +180,37 @@
}; };
systemd.coredump.enable = false; systemd.coredump.enable = false;
# Users
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.LogLevel = "VERBOSE";
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
settings.PermitRootLogin = lib.mkForce "prohibit-password"; settings.PermitRootLogin = lib.mkForce "prohibit-password";
settings.X11Forwarding = false; settings.X11Forwarding = false;
extraConfig = "StreamLocalBindUnlink yes"; extraConfig = "StreamLocalBindUnlink yes";
ports = [ 22 ]; ports = [ 32323 ];
}; };
services.fail2ban = {
enable = true;
maxretry = 3;
bantime = "2h";
bantime-increment = {
enable = true;
maxtime = "72h";
overalljails = true;
};
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
jails = {
sshd.settings = {
backend = "systemd";
mode = "aggressive";
};
};
};
# Users
users.mutableUsers = false; users.mutableUsers = false;
users.users = { users.users = {
${config.mainuser} = { ${config.mainuser} = {

6
secrets/proxy.yaml
View File

File diff suppressed because one or more lines are too long