updates

flake.lock

@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1725739959,
+        "lastModified": 1725809370,
-        "narHash": "sha256-i0uFjdgZ2lkmX+yizWcXHamZFlhDcnIwJBBYkatBd7Y=",
+        "narHash": "sha256-uUc+TbF17Q9H00aj1cbZGB25Tob6PpZ9M0RoY/jOo6s=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "f1bd855c23e73e04597695ca37ae54671a7e07b1",
+        "rev": "0fd076529b40e7fc7304a398618cab76ff7e96c3",
         "type": "github"
       },
       "original": {
@@ -44,21 +44,18 @@
     },
     "chaotic": {
       "inputs": {
-        "compare-to": "compare-to",
         "fenix": "fenix",
         "flake-schemas": "flake-schemas",
         "home-manager": "home-manager",
         "jovian": "jovian",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_2"
-        "systems": "systems_2",
-        "yafas": "yafas"
       },
       "locked": {
-        "lastModified": 1725738693,
+        "lastModified": 1726137353,
-        "narHash": "sha256-nqsRStEB29KcTsMC52NdKFzd0PSudQHY6w6oRrNyLCM=",
+        "narHash": "sha256-XkKlVYMDWGQ39N6208YsQdw39ZYuqCFKQtwXcWL67rQ=",
         "owner": "chaotic-cx",
         "repo": "nyx",
-        "rev": "38451822a144faa53a7ee96d4f0478d94945b67a",
+        "rev": "446bfd7a2e79143abca6aa8a87c348fbdca29ffe",
         "type": "github"
       },
       "original": {
@@ -68,20 +65,6 @@
         "type": "github"
       }
     },
-    "compare-to": {
-      "locked": {
-        "lastModified": 1695341185,
-        "narHash": "sha256-htO6DSbWyCgaDkxi7foPjXwJFPzGjVt3RRUbPSpNtZY=",
-        "rev": "98b8e330823a3570d328720f87a1153f8a7f2224",
-        "revCount": 2,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/chaotic-cx/nix-empty-flake/0.1.2%2Brev-98b8e330823a3570d328720f87a1153f8a7f2224/018aba35-d228-7fa9-b205-7616c89ef4e0/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/chaotic-cx/nix-empty-flake/%3D0.1.2.tar.gz"
-      }
-    },
     "cosmic": {
       "inputs": {
         "flake-compat": "flake-compat_2",
@@ -93,11 +76,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1725750857,
+        "lastModified": 1726067613,
-        "narHash": "sha256-AMMyY/PR3nIEQh41qPyBsGm0OJIcA7tn7Ggw1nT1Zao=",
+        "narHash": "sha256-45Zyi5EsOqeAWN1cm7S2l2V3OYX90secI5+MqXGNTnU=",
         "owner": "lilyinstarlight",
         "repo": "nixos-cosmic",
-        "rev": "adfdee861bb4943e1e32c930d045593806f88339",
+        "rev": "d80add9719ebb66471d536150233198cbadcb2dd",
         "type": "github"
       },
       "original": {
@@ -136,11 +119,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1725690497,
+        "lastModified": 1726036322,
-        "narHash": "sha256-5fT+96rV7Hx29HG+4/oBbr3V+yExKuLN2vcBcPbVBlU=",
+        "narHash": "sha256-9Hwl4lzB5yFah00OaXSMDPDubCy99wtLgsYxMVpMwlM=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "4b8d964df93d1f918ee6c4f003b3548c432cc866",
+        "rev": "3e50a3c915882f07cb3f6c246f09febc4ad36c3e",
         "type": "github"
       },
       "original": {
@@ -291,16 +274,16 @@
     },
     "flake-schemas": {
       "locked": {
-        "lastModified": 1693491534,
+        "lastModified": 1721999734,
-        "narHash": "sha256-ifw8Td8kD08J8DxFbYjeIx5naHcDLz7s2IFP3X42I/U=",
+        "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=",
-        "rev": "c702cbb663d6d70bbb716584a2ee3aeb35017279",
+        "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982",
-        "revCount": 21,
+        "revCount": 75,
         "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.1/018a4c59-80e1-708a-bb4d-854930c20f72/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz"
       },
       "original": {
         "type": "tarball",
-        "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.1.tar.gz"
+        "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
       }
     },
     "flake-utils": {
@@ -326,7 +309,7 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -414,11 +397,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725694918,
+        "lastModified": 1726036828,
-        "narHash": "sha256-+HsjshXpqNiJHLaJaK0JnIicJ/a1NquKcfn4YZ3ILgg=",
+        "narHash": "sha256-ZQHbpyti0jcAKnwQY1lwmooecLmSG6wX1JakQ/eZNeM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "aaebdea769a5c10f1c6e50ebdf5924c1a13f0cda",
+        "rev": "8a1671642826633586d12ac3158e463c7a50a112",
         "type": "github"
       },
       "original": {
@@ -430,15 +413,15 @@
     "home-manager_2": {
       "inputs": {
         "nixpkgs": [
-          "nixpkgs-unstable-small"
+          "nixpkgs-unstable"
         ]
       },
       "locked": {
-        "lastModified": 1725694918,
+        "lastModified": 1726142087,
-        "narHash": "sha256-+HsjshXpqNiJHLaJaK0JnIicJ/a1NquKcfn4YZ3ILgg=",
+        "narHash": "sha256-uT4TRd3PgreUD5sJaNioVfMemdyWFLoPHqN4AFszGmw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "aaebdea769a5c10f1c6e50ebdf5924c1a13f0cda",
+        "rev": "da8406a6ff556b86dc368e96ca8bd81b2704a91a",
         "type": "github"
       },
       "original": {
@@ -471,11 +454,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725600800,
+        "lastModified": 1726031155,
-        "narHash": "sha256-wst7p3RZ9kZUNzN22d27wU8YSBB7Grlx6Q03A7boRaU=",
+        "narHash": "sha256-QUv5cxy40HRC7vJz9JjbVEmlHT+q1VIuikNJUQZHre0=",
         "owner": "Jovian-Experiments",
         "repo": "Jovian-NixOS",
-        "rev": "2d050e65a71e02a1f19d1a35c086bd2e3dfb2cdb",
+        "rev": "90c68db7d9430bd30e8c5096a0e3dc078b410050",
         "type": "github"
       },
       "original": {
@@ -523,15 +506,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1717929455,
+        "lastModified": 1725806412,
-        "narHash": "sha256-BiI5xWygriOJuNISnGAeL0KYxrEMnjgpg+7wDskVBhI=",
+        "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
-        "owner": "nix-community",
+        "owner": "willibutz",
         "repo": "napalm",
-        "rev": "e1babff744cd278b56abe8478008b4a9e23036cf",
+        "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
         "type": "github"
       },
       "original": {
-        "owner": "nix-community",
+        "owner": "willibutz",
+        "ref": "avoid-foldl-stack-overflow",
         "repo": "napalm",
         "type": "github"
       }
@@ -541,11 +525,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1725628909,
+        "lastModified": 1726146727,
-        "narHash": "sha256-xI0OSqPHcs/c/utJsU0Zvcp1VhejMI9mgwr68uHHlPs=",
+        "narHash": "sha256-/FDZ7N0ttDxmu2Orzz+RuVGkVceagh/eKMzdgo3g+hQ=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "76559183801030451e200c90a1627c1d82bb4910",
+        "rev": "9d7aebb3039fbfb93afebef53210e2999f8b7e1a",
         "type": "github"
       },
       "original": {
@@ -644,11 +628,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1725716377,
+        "lastModified": 1725885300,
-        "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=",
+        "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6",
+        "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
         "type": "github"
       },
       "original": {
@@ -688,11 +672,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1725407940,
+        "lastModified": 1725930920,
-        "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
+        "narHash": "sha256-RVhD9hnlTT2nJzPHlAqrWqCkA7T6CYrP41IoVRkciZM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
+        "rev": "44a71ff39c182edaf25a7ace5c9454e7cba2c658",
         "type": "github"
       },
       "original": {
@@ -736,11 +720,11 @@
     },
     "nixpkgs-stable_4": {
       "locked": {
-        "lastModified": 1725407940,
+        "lastModified": 1725930920,
-        "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
+        "narHash": "sha256-RVhD9hnlTT2nJzPHlAqrWqCkA7T6CYrP41IoVRkciZM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
+        "rev": "44a71ff39c182edaf25a7ace5c9454e7cba2c658",
         "type": "github"
       },
       "original": {
@@ -768,11 +752,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1725634671,
+        "lastModified": 1725983898,
-        "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+        "narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+        "rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43",
         "type": "github"
       },
       "original": {
@@ -784,11 +768,11 @@
     },
     "nixpkgs-unstable-small": {
       "locked": {
-        "lastModified": 1725752909,
+        "lastModified": 1726123687,
-        "narHash": "sha256-1oWXjps/B6IZYz7/iGgk8B0foVZREC+8pg8I28BF75k=",
+        "narHash": "sha256-fwpPGjVR5VM/uOifYkr9t5hZE2xGmFlp8RrKqedyizg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "93961c50306be724df8a69cfa60866c2c49d1d06",
+        "rev": "e5330a9a58dfae92df814013e90509dbae747ce9",
         "type": "github"
       },
       "original": {
@@ -800,11 +784,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1725634671,
+        "lastModified": 1725983898,
-        "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+        "narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+        "rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43",
         "type": "github"
       },
       "original": {
@@ -955,11 +939,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1725630423,
+        "lastModified": 1725985110,
-        "narHash": "sha256-gNCLk3Zg7JlAwmWbVHTH6f3+iqdeQ4fheOotCZy8x5M=",
+        "narHash": "sha256-0HKj+JI6rtxaE6Kzcd6HyFNbEFJRsLy5DoNgVF1pyRM=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "08c7bbc2dbe4dcc8968484f1a0e1e6fe7a1d4f6d",
+        "rev": "bcc708992104c2059f310fbc3ac00bfc377f9ea8",
         "type": "github"
       },
       "original": {
@@ -977,11 +961,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1725589472,
+        "lastModified": 1726021481,
-        "narHash": "sha256-+OB00N6Yql/ZRQQkQ0PNnxfW2tH89DHnv29hBS7tXMM=",
+        "narHash": "sha256-4J4E+Fh+77XIYnq2RVtg+ENWXpu6t74P0jKN/f2RQmI=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "2b00881d2ff72174cffdc007238cb6bedd6e1d8e",
+        "rev": "1c2c120246c51a644c20ba2a36a33d3bd4860d70",
         "type": "github"
       },
       "original": {
@@ -1037,11 +1021,11 @@
         "nixpkgs-stable": "nixpkgs-stable_5"
       },
       "locked": {
-        "lastModified": 1725765163,
+        "lastModified": 1725922448,
-        "narHash": "sha256-rfd2c47iVSFI6bRYy5l8wRijRBaYDeU7dM8XCDUGqlA=",
+        "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "b68757cd2c3fa66d6ccaa0d046ce42a9324e0070",
+        "rev": "cede1a08039178ac12957733e97ab1006c6b6892",
         "type": "github"
       },
       "original": {
@@ -1066,21 +1050,6 @@
       }
     },
     "systems_2": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "systems_3": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1138,31 +1107,6 @@
         "repo": "treefmt-nix",
         "type": "github"
       }
-    },
-    "yafas": {
-      "inputs": {
-        "flake-schemas": [
-          "chaotic",
-          "flake-schemas"
-        ],
-        "systems": [
-          "chaotic",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1695926485,
-        "narHash": "sha256-wNFFnItckgSs8XeYhhv8vlJs2WF09fSQaWgw4xkDqHQ=",
-        "owner": "UbiqueLambda",
-        "repo": "yafas",
-        "rev": "7772afd6686458ca0ddbc599a52cf5d337367653",
-        "type": "github"
-      },
-      "original": {
-        "owner": "UbiqueLambda",
-        "repo": "yafas",
-        "type": "github"
-      }
     }
   },
   "root": "root",

hosts/desktop/hyprland/environment.nix

@@ -13,19 +13,18 @@ in
   environment.systemPackages = with pkgs; [
     adwaita-icon-theme
     apple-cursor
-    catppuccin
-    catppuccin-gtk
-    catppuccin-qt5ct
     catppuccin-sddm
     colloid-gtk-theme
     colloid-icon-theme
     ddcutil
     dunst
     egl-wayland
+    file-roller
     glib
     gnome-tweaks
     gnome-disk-utility
     gsettings-desktop-schemas
+    hyprcursor
     hyprland
     hyprshot
     libnotify
@@ -57,6 +56,7 @@ in
     xdg-desktop-portal-hyprland
     xdg-desktop-portal-gtk
     xdg-desktop-portal-wlr
+    xsettingsd
     xwayland
   ];
 }

hosts/desktop/hyprland/home.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 let
   wallpaper = "/home/matt/.config/wallpapers/wall.png";
-  cursorTheme = "macOS-Monterey";
+  cursorTheme = "macOS";
   cursorThemePkg = pkgs.apple-cursor;
   cursorSize = 24;
   gtkThemeSize = "compact";
@@ -16,10 +16,13 @@ let
     tweaks = [ gtkThemeVariant ];
   };
   iconThemeColor = "dark"; # "" "light" "dark"
-  # iconThemeVariant = "default"; # "" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey"
+  iconThemeVariant = ""; # "" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey"
   iconThemeScheme = "nord"; # "" "nord" "dracula" "gruvbox" "everforest" "catppuccin"
-  iconTheme = "Colloid-${iconThemeScheme}-${iconThemeColor}";
+  iconTheme = "Colloid-Dark";
-  iconThemePkg = pkgs.colloid-icon-theme.override { schemeVariants = [ iconThemeScheme ]; };
+  iconThemePkg = pkgs.colloid-icon-theme.override { 
+    schemeVariants = [ iconThemeScheme ];
+    colorVariants = [ "default" ];
+  };
 in
 {
   imports = [
@@ -135,6 +138,8 @@ in
     # WLR_RENDERER = "vulkan";
     XCURSOR_THEME = cursorTheme;
     XCURSOR_SIZE = cursorSize;
+    HYPRCURSOR_THEME = cursorTheme;
+    HYPRCURSOR_SIZE = cursorSize;
     GTK_THEME = gtkTheme;
     XDG_CURRENT_DESKTOP = "Hyprland";
     XDG_SESSION_DESKTOP = "Hyprland";
@@ -154,6 +159,13 @@ in
     name = cursorTheme;
     size = cursorSize;
   };
+  
+  dconf = {
+    enable = true;
+    settings = {
+      "org/gnome/desktop/interface".cursor-theme = cursorTheme;
+    };
+  };
 
   gtk = {
     enable = true;

hosts/nas/apps.nix

@@ -1,5 +1,9 @@
 { config, ... }:
 {
+  # imports = [
+  #   ../../modules/services/jellyfin
+  # ];
+
   nas-apps = {
     beszel.enable = true;
 

modules/services/caddy/default.nix

@@ -0,0 +1,22 @@
+{ ... }:
+let
+  collaboraPort = "9980";
+  nextcloudPort = "9981";
+  jellyfinPort = "";
+in
+{
+  services.caddy = {
+    enable = true;
+    enableReload = true;
+    email = "jalle008@proton.me";
+    user = "nix-apps";
+    group = "jallen-nas";
+    dataDir = "/media/ssd/nix-app-data/caddy";
+
+    virtualHosts."hass.mjallen.dev".extraConfig = ''
+      reverse_proxy http://10.0.1.183:8126
+    '';
+
+
+  };
+}

modules/services/fail2ban/default.nix

@@ -0,0 +1,97 @@
+{ pkgs, ... }:
+{
+  services.fail2ban = {
+    enable = true;
+   # Ban IP after 5 failures
+    maxretry = 5;
+    ignoreIP = [
+      # Whitelist subnet
+      "10.0.1.0/24"
+      # "8.8.8.8" # whitelist a specific IP
+      # "nixos.wiki" # resolve the IP via DNS
+    ];
+    bantime = "24h"; # Ban IPs for one day on the first ban
+    bantime-increment = {
+      enable = true; # Enable increment of bantime after each violation
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # Do not ban for more than 1 week
+      overalljails = true; # Calculate the bantime based on all the violations
+    };
+    jails = {
+      apache-nohome-iptables.settings = {
+        # Block an IP address if it accesses a non-existent
+        # home directory more than 5 times in 10 minutes,
+        # since that indicates that it's scanning.
+        filter = "apache-nohome";
+        action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+        logpath = "/var/log/httpd/error_log*";
+        backend = "auto";
+        findtime = 600;
+        bantime  = 600;
+        maxretry = 5;
+      };
+
+      ngnix-url-probe.settings = { 
+        enabled = true;
+        filter = "nginx-url-probe";
+        logpath = "/var/log/nginx/access.log";
+        action = ''%(action_)s[blocktype=DROP]
+                 ntfy'';
+        backend = "auto"; # Do not forget to specify this if your jail uses a log file
+        maxretry = 5; 
+        findtime = 600;
+      };
+
+      nginx-http-auth.settings = {
+        enabled = true;
+        filter = "nginx-http-auth";
+        port = "http,https";
+        logpath = "/var/log/httpd/error_log*";
+      };
+
+      nginx-badbots.settings = {
+        enabled = true;
+        filter = "nginx-badbots";
+        port = "http,https";
+        logpath = "/var/log/nginx/access.log";
+        maxretry = 2;
+      };
+
+      nginx-botsearch.settings = {
+        enabled = true;
+        filter = "nginx-botsearch";
+        port = "http,https";
+        logpath = "/var/log/nginx/access.log";
+      };
+
+      nginx-deny.settings = {
+        enabled = true;
+        filter = "nginx-deny";
+        port = "http,https";
+        logpath = "/var/log/nginx/access.log";
+      };
+
+      nginx-unauthorized.settings = {
+        enabled = true;
+        filter = "nginx-unauthorized";
+        port = "http,https";
+        logpath = "/var/log/nginx/access.log";
+      };
+    };
+  };
+
+  environment.etc = {
+    # Define an action that will trigger a Ntfy push notification upon the issue of every new ban
+    # "fail2ban/action.d/ntfy.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+    #   [Definition]
+    #   norestored = true # Needed to avoid receiving a new notification after every restart
+    #   actionban = curl -H "Title: <ip> has been banned" -d "<name> jail has banned <ip> from accessing $(hostname) after <failures> attempts of hacking the system." https://ntfy.sh/Fail2banNotifications
+    # '');
+    # Defines a filter that detects URL probing by reading the Nginx access log
+    "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+      [Definition]
+      failregex = ^<HOST>.*(GET /(wp-|admin|boaform|phpmyadmin|\.env|\.git)|\.(dll|so|cfm|asp)|(\?|&)(=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000|=PHPE9568F36-D428-11d2-A769-00AA001ACF42|=PHPE9568F35-D428-11d2-A769-00AA001ACF42|=PHPE9568F34-D428-11d2-A769-00AA001ACF42)|\\x[0-9a-zA-Z]{2})
+    '');
+  };
+}

modules/services/jellyfin/default.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+    user = "nix-apps";
+    group = "jallen-nas";
+    dataDir = "/media/nas/ssd/nix-app-data/jellyfin/data";
+    configDir = "/media/nas/ssd/nix-app-data/jellyfin/config";
+  };
+
+  environment.systemPackages = [
+    pkgs.jellyfin
+    pkgs.jellyfin-web
+    pkgs.jellyfin-ffmpeg
+  ];
+}