fix: fail2ban config & try to fix extraApps problem

2025-01-18 13:29:32 +01:00 · 2024-12-27 14:25:14 +01:00 · 2024-12-27 14:25:14 +01:00 · 0b6399027c
parent 2c17ed2d3e
commit 0b6399027c
2 changed files with 20 additions and 29 deletions
--- a/hosts/sisyphe/features/fail2ban.nix
+++ b/hosts/sisyphe/features/fail2ban.nix
@ -4,6 +4,25 @@
    enable = true;
    ignoreIP = [ "192.168.1.0/24" ];
    extraPackages = [ ];
-    jails = { };
+    jails = {
      nextcloud = ''
        enabled = true;
        filter = nextcloud
        port = http,https
      '';
     };
  };
  environment.etc = {
      "fail2ban/filter.d/nextcloud.conf".text = ''
        [Definition]
        _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
        datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
        failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
        journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
      '';
    };
 }
--- a/hosts/sisyphe/features/services/nextcloud.nix
+++ b/hosts/sisyphe/features/services/nextcloud.nix
@ -63,34 +63,6 @@
    ];
    phpOptions."opcache.interned_strings_buffer" = "23";
    extraApps = {
      inherit (pkgs.nextcloud30Packages.apps)
        contacts
        calendar
        previewgenerator
        ;
      memories = pkgs.fetchNextcloudApp {
        sha256 = "sha256-tzxeffvwMwthvBRG+/cLCXZkVS32rlf5v7XOKTbGoOo=";
        url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz";
        license = "agpl3Only";
      };
      /*
        not useful for me
           registration = pkgs.fetchNextcloudApp {
             sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y=";
             url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz";
             license = "agpl3Only";
           };
      */
      facerecognition = pkgs.fetchNextcloudApp {
        sha256 = "sha256-FtYItN0Iy2QpSNf0GPs7fIPYgBdEuKHJGwZ7GQNySZE=";
        url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz";
        license = "agpl3Only";
      };
    };
    extraAppsEnable = true;
    appstoreEnable = true; # why i would want appstore to be disabled ???
    autoUpdateApps.enable = true;
    cli.memoryLimit = "4G";