motiejus
/
config
1
Fork 0
Code Packages Releases Activity

enable sshguard and plocate

This commit is contained in:
Motiejus Jakštys 2023-07-26 14:10:22 +03:00
parent 6200488e32
commit 99488618ce
3 changed files with 34 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hosts/hel1-a/configuration.nix
View File

@ -127,12 +127,6 @@ in {
''; '';
}; };
locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
headscale = { headscale = {
enable = true; enable = true;
settings = { settings = {
@ -386,16 +380,6 @@ in {
}; };
}; };
}; };
sshguard = {
enable = true;
blocktime = 900;
whitelist = [
"192.168.0.0/16"
myData.tailscale_subnet.cidr
myData.hosts."vno1-oh2.servers.jakst".publicIP
];
};
}; };
networking = { networking = {

9
modules/base/default.nix
View File

@ -10,6 +10,7 @@
./fileSystems ./fileSystems
./snapshot ./snapshot
./sshd ./sshd
./sshguard
./unitstatus ./unitstatus
./users ./users
./zfs ./zfs
@ -132,5 +133,13 @@
defaultEditor = true; defaultEditor = true;
}; };
}; };
services = {
locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
};
}; };
} }

25
modules/base/sshguard/default.nix Normal file
View File

@ -0,0 +1,25 @@
{
config,
lib,
myData,
...
}: {
options.mj.base.sshguard = with lib.types; {
enable = lib.mkOption {
type = bool;
default = true;
};
};
config = lib.mkIf config.mj.base.sshguard.enable {
services.sshguard = {
enable = true;
blocktime = 900;
whitelist = [
"192.168.0.0/16"
myData.tailscale_subnet.cidr
myData.hosts."vno1-oh2.servers.jakst".publicIP
];
};
};
}