From 85917635fdf9a82942e123d1f2b2a6d232f5305a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Thu, 14 Sep 2023 06:41:16 +0300 Subject: [PATCH] sshguard is now optional --- hosts/fra1-a/configuration.nix | 1 + hosts/fwminex/configuration.nix | 1 + hosts/vno1-oh2/configuration.nix | 1 + hosts/vno1-rp3b/configuration.nix | 1 + modules/base/default.nix | 1 - modules/services/default.nix | 1 + modules/{base => services}/sshguard/default.nix | 6 +++--- 7 files changed, 8 insertions(+), 4 deletions(-) rename modules/{base => services}/sshguard/default.nix (71%) diff --git a/hosts/fra1-a/configuration.nix b/hosts/fra1-a/configuration.nix index 71a5719..7bf543a 100644 --- a/hosts/fra1-a/configuration.nix +++ b/hosts/fra1-a/configuration.nix @@ -44,6 +44,7 @@ services = { node_exporter.enable = true; + sshguard.enable = true; postfix = { enable = true; diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 47c0de6..61b2dbf 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -76,6 +76,7 @@ services = { node_exporter.enable = true; + sshguard.false = true; deployerbot = { follower = { diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index 6e97901..d396af1 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix @@ -161,6 +161,7 @@ gitea.enable = true; snmp_exporter.enable = true; + sshguard.enable = true; headscale = { enable = true; diff --git a/hosts/vno1-rp3b/configuration.nix b/hosts/vno1-rp3b/configuration.nix index b8d18c3..3817c00 100644 --- a/hosts/vno1-rp3b/configuration.nix +++ b/hosts/vno1-rp3b/configuration.nix @@ -61,6 +61,7 @@ services = { node_exporter.enable = true; + sshguard.enable = true; borgstor = { enable = true; diff --git a/modules/base/default.nix b/modules/base/default.nix index 8ce1b92..79a8591 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -10,7 +10,6 @@ ./fileSystems ./snapshot ./sshd - ./sshguard ./unitstatus ./users ./zfs diff --git a/modules/services/default.nix b/modules/services/default.nix index cacb3a3..384d390 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -16,6 +16,7 @@ ./nsd-acme ./postfix ./snmp_exporter + ./sshguard ./syncthing ./zfsunlock ]; diff --git a/modules/base/sshguard/default.nix b/modules/services/sshguard/default.nix similarity index 71% rename from modules/base/sshguard/default.nix rename to modules/services/sshguard/default.nix index b1147d4..6d426f4 100644 --- a/modules/base/sshguard/default.nix +++ b/modules/services/sshguard/default.nix @@ -4,14 +4,14 @@ myData, ... }: { - options.mj.base.sshguard = with lib.types; { + options.mj.services.sshguard = with lib.types; { enable = lib.mkOption { type = bool; - default = true; + default = false; }; }; - config = lib.mkIf config.mj.base.sshguard.enable { + config = lib.mkIf config.mj.services.sshguard.enable { services.sshguard = { enable = true; blocktime = 900;