diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
index f2edced..e5ddbf1 100644
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@@ -127,12 +127,6 @@ in {
 '';
 };
 
- locate = {
- enable = true;
- locate = pkgs.plocate;
- localuser = null;
- };
-
 headscale = {
 enable = true;
 settings = {
@@ -386,16 +380,6 @@ in {
 };
 };
 };
-
- sshguard = {
- enable = true;
- blocktime = 900;
- whitelist = [
- "192.168.0.0/16"
- myData.tailscale_subnet.cidr
- myData.hosts."vno1-oh2.servers.jakst".publicIP
- ];
- };
 };
 
 networking = {
diff --git a/modules/base/default.nix b/modules/base/default.nix
index 8f26ae6..95d074b 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -10,6 +10,7 @@
 ./fileSystems
 ./snapshot
 ./sshd
+ ./sshguard
 ./unitstatus
 ./users
 ./zfs
@@ -132,5 +133,13 @@
 defaultEditor = true;
 };
 };
+
+ services = {
+ locate = {
+ enable = true;
+ locate = pkgs.plocate;
+ localuser = null;
+ };
+ };
 };
 }
diff --git a/modules/base/sshguard/default.nix b/modules/base/sshguard/default.nix
new file mode 100644
index 0000000..6b5df28
--- /dev/null
+++ b/modules/base/sshguard/default.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ myData,
+ ...
+}: {
+ options.mj.base.sshguard = with lib.types; {
+ enable = lib.mkOption {
+ type = bool;
+ default = true;
+ };
+ };
+
+ config = lib.mkIf config.mj.base.sshguard.enable {
+ services.sshguard = {
+ enable = true;
+ blocktime = 900;
+ whitelist = [
+ "192.168.0.0/16"
+ myData.tailscale_subnet.cidr
+ myData.hosts."vno1-oh2.servers.jakst".publicIP
+ ];
+ };
+ };
+}
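Review bot: The `whitelist` under `services.sshguard` in the new `modules/base/sshguard/default.nix` is hard-coded in a module whose `enable` defaults to `true`. Every host importing `modules/base` therefore exempts all of `192.168.0.0/16`, the tailscale subnet and one server's public IP from blocking, where before only hel1-a carried that list. Sources in those ranges are never blocked by sshguard, which matters more on a host that actually sits on a 192.168.x.x network than on the host the list was written for. I would expose the list as an `mj.base.sshguard.whitelist` option with the current entries as its default, so a host can narrow it without disabling the module. Both options should also get a `description`.

```nix
  options.mj.base.sshguard = with lib.types; {
    # … unchanged: enable option …
    whitelist = lib.mkOption {
      type = listOf str;
      default = [
        "192.168.0.0/16"
        myData.tailscale_subnet.cidr
        myData.hosts."vno1-oh2.servers.jakst".publicIP
      ];
      description = "Addresses and CIDR blocks that sshguard never blocks.";
    };
  };

  config = lib.mkIf config.mj.base.sshguard.enable {
    services.sshguard = {
      # … unchanged: enable, blocktime …
      whitelist = config.mj.base.sshguard.whitelist;
    };
  };
```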