harry123/nix-config
1
0
Fork 0
mirror of https://github.com/harryssecret/homelab-nix.git synced 2025-01-18 13:29:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: harry123:4bdec356fa7603ac134b8dc3d2f505f57f09a311
Branches Tags
harry123:main
...
compare: harry123:c84a24c2ac6bf8159b213aab4896af36e2839564
Branches Tags
harry123:main

8 commits
4bdec356fa ... c84a24c2ac

Author SHA1 Message Date
kity c84a24c2ac added ssh jail 2024-12-27 14:34:19 +01:00
kity 0b6399027c fix: fail2ban config & try to fix extraApps problem 2024-12-27 14:25:14 +01:00
kity 2c17ed2d3e fix: use nextcloud30 pkgs 2024-12-27 14:17:56 +01:00
kity 9414a560c0 fix: sabnzbd needs unfree pkg 2024-12-27 14:09:17 +01:00
kity 5c53e37af6 fix: 2fa does not seems to exists anymore on nc30?? 2024-12-27 14:07:00 +01:00
kity e045347a31 added missing file 2024-12-27 13:59:57 +01:00
kity c8073d3055 fix: more changes due to nixos 24.11 2024-12-27 13:59:52 +01:00
kity d1297eda99 feat: added sabnzbd support 2024-12-27 13:52:47 +01:00
7 changed files with 56 additions and 31 deletions
Show stats Expand all files Collapse all files

10
features/shared/ssh.nix
View file

@ -8,4 +8,14 @@
PermitRootLogin = "no"; PermitRootLogin = "no";
}; };
}; };
services.fail2ban.jails.sshd.settings = {
ssh = ''
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
maxretry = 5
'';
};
} }

5
hosts/sisyphe/configuration.nix
View file

@ -142,6 +142,11 @@ in
"dotnet-sdk-wrapped-6.0.428" "dotnet-sdk-wrapped-6.0.428"
]; ];
# seems like sabnzbd needs some unfree pkgs...
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"unrar"
];
# This option defines the first version of NixOS you have installed on this particular machine, # This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

21
hosts/sisyphe/features/fail2ban.nix
View file

@ -4,6 +4,25 @@
enable = true; enable = true;
ignoreIP = [ "192.168.1.0/24" ]; ignoreIP = [ "192.168.1.0/24" ];
extraPackages = [ ]; extraPackages = [ ];
jails = { }; jails = {
nextcloud = ''
enabled = true;
filter = nextcloud
port = http,https
'';
};
}; };
environment.etc = {
"fail2ban/filter.d/nextcloud.conf".text = ''
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
'';
};
} }

1
hosts/sisyphe/features/multimedia/default.nix
View file

@ -3,6 +3,7 @@
./arr-suite.nix ./arr-suite.nix
./calibre-web.nix ./calibre-web.nix
./slskd.nix ./slskd.nix
./sabnzbd.nix
./transmission.nix ./transmission.nix
./jellyfin.nix ./jellyfin.nix
]; ];

18
hosts/sisyphe/features/multimedia/sabnzbd.nix Normal file
View file

@ -0,0 +1,18 @@
{config, pkgs, ...}:
{
services.sabnzbd = {
enable = true;
};
services.caddy.virtualHosts."http://sabnzbd.normandy.sisyphe.hypervirtual.world".extraConfig = ''
reverse_proxy 8080
'';
/*
services.prometheus.exporters.sabnzbd = {
enable = true;
servers = [
localhost
]
};*/
}

1
hosts/sisyphe/features/samba-shares.nix
View file

@ -16,7 +16,6 @@ in
config = { config = {
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user";
openFirewall = true; openFirewall = true;
settings = { settings = {
global = { global = {

31
hosts/sisyphe/features/services/nextcloud.nix
View file

@ -25,6 +25,7 @@
database.createLocally = true; database.createLocally = true;
webserver = "caddy"; webserver = "caddy";
configureRedis = true; configureRedis = true;
package = pkgs.nextcloud30;
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
adminpassFile = config.sops.secrets.adminNextcloudPass.path; adminpassFile = config.sops.secrets.adminNextcloudPass.path;
@ -62,37 +63,9 @@
]; ];
phpOptions."opcache.interned_strings_buffer" = "23"; phpOptions."opcache.interned_strings_buffer" = "23";
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts
calendar
previewgenerator
twofactor_nextcloud_notification
;
memories = pkgs.fetchNextcloudApp {
sha256 = "sha256-tzxeffvwMwthvBRG+/cLCXZkVS32rlf5v7XOKTbGoOo=";
url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz";
license = "agpl3Only";
};
/*
not useful for me
registration = pkgs.fetchNextcloudApp {
sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y=";
url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz";
license = "agpl3Only";
};
*/
facerecognition = pkgs.fetchNextcloudApp {
sha256 = "sha256-FtYItN0Iy2QpSNf0GPs7fIPYgBdEuKHJGwZ7GQNySZE=";
url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz";
license = "agpl3Only";
};
};
extraAppsEnable = true;
appstoreEnable = true; # why i would want appstore to be disabled ??? appstoreEnable = true; # why i would want appstore to be disabled ???
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
cli.memoryLimit = "4G";
}; };
environment.systemPackages = environment.systemPackages =