diff --git a/flake.lock b/flake.lock index 0954a60..8447721 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1728591802, - "narHash": "sha256-/HefSuC9DgRAVfiZ64+E32L5WHu9mpqrcnnZA9em2iY=", + "lastModified": 1728783352, + "narHash": "sha256-9U5sXyy5i8N2iL6dROw8vAAhbbBAVWmKuNbEZj6CzSQ=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "7a40bf82de534822d22503e195f2b71715277ad6", + "rev": "f545d4fc6c01afb04b9108f59d16160dcfa0a971", "type": "github" }, "original": { @@ -180,22 +180,6 @@ } }, "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_5": { "locked": { "lastModified": 1688025799, "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", 
@@ -302,49 +286,7 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": "flake-compat_3", - "gitignore": "gitignore", - "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1728580416, - "narHash": "sha256-nKttjKg6lE7O5S+wlBOkXsUGdOgVxZ8SWaCOyodW5so=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "4ebefcac44b5116cf5741be858245db769ddedd1", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { - "inputs": { - "nixpkgs": [ - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -394,11 +336,11 @@ ] }, "locked": { - "lastModified": 1728588172, - "narHash": "sha256-wCLcOMOyiFHa4MfAT1SR8jj47GcmCXiR93kgFs38bVY=", + "lastModified": 1728726232, + "narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=", "owner": "nix-community", "repo": "home-manager", - "rev": "8bb5d53c5847d9a9b2ad1bda49f9aa9df0de282a", + "rev": "d57112db877f07387ce7104b5ac346ede556d2d7", "type": "github" }, "original": { @@ -447,7 +389,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils_2", "nixpkgs": [ 
@@ -499,14 +441,14 @@ }, "nix-darwin": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1728385805, - "narHash": "sha256-mUd38b0vhB7yzgAjNOaFz7VY9xIVzlbn3P2wjGBcVV0=", + "lastModified": 1728769175, + "narHash": "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "48b50b3b137be5cfb9f4d006835ce7c3fe558ccc", + "rev": "fd0e3ed30b75ddf7f3d94829d80a078b413b6244", "type": "github" }, "original": { @@ -562,8 +504,8 @@ }, "nixos-apple-silicon": { "inputs": { - "flake-compat": "flake-compat_5", - "nixpkgs": "nixpkgs_5", + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay_3" }, "locked": { @@ -582,11 +524,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728269138, - "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", + "lastModified": 1728729581, + "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", + "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", "type": "github" }, "original": { @@ -626,11 +568,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728328465, - "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", + "lastModified": 1728627514, + "narHash": "sha256-r+SF9AnHrTg+bk6YszoKfV9lgyw+yaFUQe0dOjI0Z2o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", + "rev": "c505ebf777526041d792a49d5f6dd4095ea391a7", "type": "github" }, "original": { 
@@ -641,22 +583,6 @@ } }, "nixpkgs-stable_2": { - "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { "locked": { "lastModified": 1710695816, "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", @@ -672,23 +598,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { - "locked": { - "lastModified": 1728500571, - "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_5": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1728156290, "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", @@ -720,22 +630,6 @@ "type": "github" } }, - "nixpkgs-unstable-small": { - "locked": { - "lastModified": 1728534991, - "narHash": "sha256-wLUZyvtOOowAz0kTrU2MoC4nXWniFaVezGyzuEt5HPc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6b955bdbb9efe4a5c047746323951fe1bdf8d01b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1728492678, 
@@ -753,22 +647,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1719082008, - "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9693852a2070b398ee123a329e68f0dab5526681", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1718149104, "narHash": "sha256-Ds1QpobBX2yoUDx9ZruqVGJ/uQPgcXoYuobBguyKEh8=", @@ -782,7 +660,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1725103162, "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", @@ -798,7 +676,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1728093190, "narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=", @@ -851,12 +729,12 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore", "nixpkgs": [ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_3" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1717664902, @@ -877,16 +755,13 @@ "authentik-nix": "authentik-nix", "chaotic": "chaotic", "cosmic": "cosmic", - "git-hooks": "git-hooks", "home-manager": "home-manager_2", "impermanence": "impermanence", "lanzaboote": "lanzaboote", "nix-darwin": "nix-darwin", "nixos-apple-silicon": "nixos-apple-silicon", "nixos-hardware": "nixos-hardware", - "nixpkgs-stable": "nixpkgs-stable_4", "nixpkgs-unstable": "nixpkgs-unstable", - "nixpkgs-unstable-small": "nixpkgs-unstable-small", "sops-nix": "sops-nix" } }, 
@@ -915,11 +790,11 @@ ] }, "locked": { - "lastModified": 1728461096, - "narHash": "sha256-cd0cXB85B3kGpm+iumP9xCnqFErspXL9Z/2X59kQ6c4=", + "lastModified": 1728700003, + "narHash": "sha256-Ox1pvEHxLK6lAdaKQW21Zvk65SPDag+cD8YA444R/og=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e310b9bd71fa6c6a9fec0a8cf5af43ce798a0ad6", + "rev": "fc1e58ebabe0cef4442eedea07556ff0c9eafcfe", "type": "github" }, "original": { @@ -971,8 +846,8 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_6", - "nixpkgs-stable": "nixpkgs-stable_5" + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1728345710, diff --git a/flake.nix b/flake.nix index 519aa17..75cd52b 100644 --- a/flake.nix +++ b/flake.nix @@ -6,10 +6,10 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; # nixpkgs-unstable-small - nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + # nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; # nixpgs - nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + # nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; # Authentik authentik-nix.url = "github:nix-community/authentik-nix"; @@ -48,16 +48,14 @@ url = "github:lilyinstarlight/nixos-cosmic"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - - git-hooks.url = "github:cachix/git-hooks.nix"; }; outputs = { self, nixpkgs-unstable, - nixpkgs-unstable-small, - nixpkgs-stable, + # nixpkgs-unstable-small, + # nixpkgs-stable, chaotic, lanzaboote, impermanence, @@ -68,16 +66,9 @@ cosmic, authentik-nix, sops-nix, - git-hooks, }@inputs: let inherit (self) outputs; - supportedSystems = [ - "x86_64-linux" - "aarch64-linux" - "aarch64-darwin" - ]; - forAllSystems = nixpkgs-unstable.lib.genAttrs supportedSystems; in { overlays = import ./overlays { inherit inputs; }; 
@@ -139,7 +130,6 @@ nixos-hardware.nixosModules.common-pc nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-hidpi - # nixos-hardware.nixosModules.common-gpu-nvidia ]; }; @@ -195,21 +185,5 @@ # Set Git commit hash for darwin-version. system.configurationRevision = self.rev or self.dirtyRev or null; - - # checks = forAllSystems (system: { - # pre-commit-check = git-hooks.lib.${system}.run { - # src = ./.; - # hooks = { - # nixpkgs-fmt.enable = true; - # }; - # }; - # }); - - # devShells = forAllSystems (system: { - # default = nixpkgs-unstable.legacyPackages.${system}.mkShell { - # inherit (self.checks.${system}.pre-commit-check) shellHook; - # buildInputs = self.checks.${system}.pre-commit-check.enabledPackages; - # }; - # }); }; } diff --git a/hosts/default.nix b/hosts/default.nix index da83b70..58bbc71 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -11,8 +11,8 @@ in # Enable nix flakes and nix-command tools nix = { settings = { - warn-dirty = false; - experimental-features = [ + warn-dirty = lib.mkForce false; + experimental-features = lib.mkForce [ "nix-command" "flakes" ]; @@ -20,7 +20,7 @@ in # Garbage collect automatically every week gc.automatic = lib.mkDefault true; - gc.options = "--delete-older-than 30d"; + gc.options = lib.mkDefault "--delete-older-than 30d"; optimise.automatic = lib.mkDefault true; }; @@ -38,7 +38,7 @@ in enableAllFirmware = lib.mkForce true; # Disable pulse audio in favor of pipewire - pulseaudio.enable = false; + pulseaudio.enable = lib.mkDefault false; }; # Services configs diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index ddcb891..671e608 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -223,8 +223,6 @@ in wineWowPackages.waylandFull ]; - sessionVariables = lib.mkDefault { STEAM_FORCE_DESKTOPUI_SCALING = "1"; }; - etc."lact/config.yaml".text = '' daemon: log_level: info 
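Review bot: `lib.mkForce` on `experimental-features` (and on `warn-dirty`) in the first hosts/default.nix hunk makes this definition final, so a host or module that later defines the option to add a feature is silently discarded instead of merged. The other two hunks in this file move `gc.options` and `pulseaudio.enable` toward `lib.mkDefault`, so the forced priority here reads like a workaround for one specific conflict. If that is the case, a comment such as `# mkForce: overrides the conflicting definition from <module name>` would record why; otherwise plain values or `lib.mkDefault` keep the option extensible. The enclosing `nix.settings` block starts and ends outside the hunk.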
diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index 85c28e8..df4d227 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -16,7 +16,7 @@ let s = "status"; st = "status"; b = "branch"; - # p = "pull --rebase"; + p = "pull --rebase"; pu = "push"; }; in diff --git a/hosts/desktop/hyprland/home.nix b/hosts/desktop/hyprland/home.nix index 362f1e1..4cb2411 100644 --- a/hosts/desktop/hyprland/home.nix +++ b/hosts/desktop/hyprland/home.nix @@ -15,8 +15,8 @@ let themeVariants = [ gtkThemeAccent ]; tweaks = [ gtkThemeVariant ]; }; - iconThemeColor = "dark"; # "" "light" "dark" - iconThemeVariant = ""; # "" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" + # iconThemeColor = "dark"; # "" "light" "dark" + # iconThemeVariant = ""; # "" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" iconThemeScheme = "nord"; # "" "nord" "dracula" "gruvbox" "everforest" "catppuccin" iconTheme = "Colloid-Nord"; iconThemePkg = pkgs.colloid-icon-theme.override { diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 0c8c74c..4aeec02 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -173,6 +173,7 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos" ]; packages = with pkgs; [ + cachix fastfetch git parted diff --git a/hosts/nas/filesystems.nix b/hosts/nas/filesystems.nix index e39c15a..1c1aa2e 100644 --- a/hosts/nas/filesystems.nix +++ b/hosts/nas/filesystems.nix @@ -105,6 +105,16 @@ in options = [ "subvol=timemachine" ] ++ defaultOptions; }; + fileSystems."/run/mount/ssd" = { + device = "/dev/mapper/ssd1"; + fsType = "btrfs"; + }; + + fileSystems."/run/mount/main" = { + device = "/dev/mapper/hdd1"; + fsType = "btrfs"; + }; + # fileSystems."/media/nas/junk/nextcloud-backup" = { # device = "/dev/disk/by-uuid/11948951106919390044"; # fsType = "btrfs"; diff --git a/hosts/nas/home.nix b/hosts/nas/home.nix index a81d17c..2c96353 100644 
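Review bot: The two new `fileSystems` entries in hosts/nas/filesystems.nix (`/run/mount/ssd` and `/run/mount/main`) set no `options`, while the neighbouring entry visible in the hunk uses `[ "subvol=timemachine" ] ++ defaultOptions`. Without a `subvol=` option these mount the filesystem's default subvolume, presumably the top level, which opens a second path to every subvolume and snapshot on the device. If that is intended for maintenance, say so in a comment and restrict the mounts, for example `options = [ "nosuid" "nodev" ] ++ defaultOptions;`. What `defaultOptions` contains is defined outside the hunk, so check it for overlap first.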
--- a/hosts/nas/home.nix +++ b/hosts/nas/home.nix @@ -42,7 +42,7 @@ s = "status"; st = "status"; b = "branch"; - # p = "pull --rebase"; + p = "pull --rebase"; pu = "push"; }; }; diff --git a/hosts/nas/impermanence.nix b/hosts/nas/impermanence.nix index 6ba1fa9..458831f 100644 --- a/hosts/nas/impermanence.nix +++ b/hosts/nas/impermanence.nix @@ -1,4 +1,4 @@ -{ ... }@args: +{ ... }: { # Set up impernance configuration for things like bluetooth # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints. @@ -34,4 +34,9 @@ "/etc/machine-id" ]; }; + + security.sudo.extraConfig = '' + # rollback results in sudo lectures after each reboot + Defaults lecture = never + ''; } diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix index 057ed28..8f746f4 100644 --- a/hosts/nas/networking.nix +++ b/hosts/nas/networking.nix @@ -2,25 +2,19 @@ let hostname = "jallen-nas"; ipAddress = "10.0.1.18"; + ipAddress2 = "10.0.1.19"; gateway = "10.0.1.1"; - allowedPorts = [ - 2342 - 3493 - 61208 - 9090 - 9000 - # config.services.tailscale.port - # 22 - ]; in { - # Networking configs wlp7s0 + # Networking configs networking = { hostName = hostname; + useNetworkd = true; + hostId = "4b501480"; - # Enable Network Manager + # Disable Network Manager networkmanager.enable = false; interfaces = { @@ -33,25 +27,23 @@ in } ]; }; - - # br0 = { - # useDHCP = false; - # ipv4.addresses = [ - # { - # address = ipAddress; - # prefixLength = 24; - # } - # ]; - # }; + wlp6s0 = { + useDHCP = true; + ipv4.addresses = [ + { + address = ipAddress2; + prefixLength = 24; + } + ]; + }; }; - # bridges = { - # br0 = { - # interfaces = [ "wlp6s0" ]; - # }; - # }; + defaultGateway = { + interface = "wlp7s0"; + address = gateway; + metric = 1; + }; - defaultGateway.address = gateway; nameservers = [ gateway ]; wireless = { 
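Review bot: In the second hosts/nas/networking.nix hunk `wlp6s0` gets both `useDHCP = true` and a static `ipAddress2` in the same /24 as `wlp7s0`, so the interface will likely carry a lease and the static address at once. The lease may also install its own default route next to the one pinned to `wlp7s0` in `defaultGateway`. Two interfaces in one subnet tend to make reply paths ambiguous, which also makes firewall and log attribution harder to reason about. If the static address is what is wanted, `useDHCP = false;` keeps routing predictable; otherwise drop the `ipv4.addresses` entry. The `interfaces` block opens before the hunk.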
@@ -60,42 +52,32 @@ in secretsFile = config.sops.secrets."wifi".path; allowAuxiliaryImperativeNetworks = true; interfaces = [ + "wlp6s0" "wlp7s0" ]; networks = { "Joey's Jungle 6G" = { -# pskRaw = "ext:PSK"; -# priority = 1000; + # pskRaw = "ext:PSK"; + priority = 1000; psk = "kR8v&3Qd"; extraConfig = '' key_mgmt=SAE ieee80211w=2 ''; }; -# "Joey's Jungle 5G" = { -# pskRaw = "ext:PSK"; -# priority = 1; -# }; + "Joey's Jungle 5G" = { + pskRaw = "ext:PSK"; + priority = -100; + }; }; }; firewall = { enable = true; allowPing = true; - extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed? - allowedTCPPorts = allowedPorts; - allowedUDPPorts = allowedPorts; # always allow traffic from your Tailscale network trustedInterfaces = [ "tailscale0" ]; }; - - # nat = { - # enable = true; - # internalInterfaces = ["ve-+"]; - # externalInterface = "wlp9s0"; - # # Lazy IPv6 connectivity for the container - # enableIPv6 = true; - # }; }; } diff --git a/modules/services/caddy/default.nix b/modules/services/caddy/default.nix deleted file mode 100644 index ad1b42f..0000000 --- a/modules/services/caddy/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ ... }: -let - collaboraPort = "9980"; - nextcloudPort = "9981"; - jellyfinPort = ""; -in -{ - services.caddy = { - enable = true; - enableReload = true; - email = "jalle008@proton.me"; - user = "nix-apps"; - group = "jallen-nas"; - dataDir = "/media/ssd/nix-app-data/caddy"; - - virtualHosts."hass.mjallen.dev".extraConfig = '' - reverse_proxy http://10.0.1.183:8126 - ''; - - - }; -} \ No newline at end of file diff --git a/modules/services/fail2ban/default.nix b/modules/services/fail2ban/default.nix deleted file mode 100644 index ddd2f97..0000000 --- a/modules/services/fail2ban/default.nix +++ /dev/null 
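Review bot: The `"Joey's Jungle 6G"` entry keeps a literal `psk = "…"` while this hunk makes it the preferred network with `priority = 1000`, so the Wi-Fi passphrase is committed to the repository and, like any plain string in a NixOS option, ends up in the world-readable Nix store. The block already sets `secretsFile = config.sops.secrets."wifi".path` and the 5G entry uses `pskRaw = "ext:PSK"`, so the 6G passphrase should come from that same secrets file. Whether an `ext:` reference is accepted for a `key_mgmt=SAE` network should be checked against the wireless module documentation for the nixpkgs revision in use. Because the value has already been committed, it should also be rotated on the access point. The `wireless` block opens before this hunk.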
@@ -1,97 +0,0 @@ -{ pkgs, ... }: -{ - services.fail2ban = { - enable = true; - # Ban IP after 5 failures - maxretry = 5; - ignoreIP = [ - # Whitelist subnet - "10.0.1.0/24" - # "8.8.8.8" # whitelist a specific IP - # "nixos.wiki" # resolve the IP via DNS - ]; - bantime = "24h"; # Ban IPs for one day on the first ban - bantime-increment = { - enable = true; # Enable increment of bantime after each violation - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - multipliers = "1 2 4 8 16 32 64"; - maxtime = "168h"; # Do not ban for more than 1 week - overalljails = true; # Calculate the bantime based on all the violations - }; - jails = { - apache-nohome-iptables.settings = { - # Block an IP address if it accesses a non-existent - # home directory more than 5 times in 10 minutes, - # since that indicates that it's scanning. - filter = "apache-nohome"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "/var/log/httpd/error_log*"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - - ngnix-url-probe.settings = { - enabled = true; - filter = "nginx-url-probe"; - logpath = "/var/log/nginx/access.log"; - action = ''%(action_)s[blocktype=DROP] - ntfy''; - backend = "auto"; # Do not forget to specify this if your jail uses a log file - maxretry = 5; - findtime = 600; - }; - - nginx-http-auth.settings = { - enabled = true; - filter = "nginx-http-auth"; - port = "http,https"; - logpath = "/var/log/httpd/error_log*"; - }; - - nginx-badbots.settings = { - enabled = true; - filter = "nginx-badbots"; - port = "http,https"; - logpath = "/var/log/nginx/access.log"; - maxretry = 2; - }; - - nginx-botsearch.settings = { - enabled = true; - filter = "nginx-botsearch"; - port = "http,https"; - logpath = "/var/log/nginx/access.log"; - }; - - nginx-deny.settings = { - enabled = true; - filter = "nginx-deny"; - port = "http,https"; - logpath = "/var/log/nginx/access.log"; - }; - - 
nginx-unauthorized.settings = { - enabled = true; - filter = "nginx-unauthorized"; - port = "http,https"; - logpath = "/var/log/nginx/access.log"; - }; - }; - }; - - environment.etc = { - # Define an action that will trigger a Ntfy push notification upon the issue of every new ban - # "fail2ban/action.d/ntfy.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - # [Definition] - # norestored = true # Needed to avoid receiving a new notification after every restart - # actionban = curl -H "Title: has been banned" -d " jail has banned from accessing $(hostname) after attempts of hacking the system." https://ntfy.sh/Fail2banNotifications - # ''); - # Defines a filter that detects URL probing by reading the Nginx access log - "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ^.*(GET /(wp-|admin|boaform|phpmyadmin|\.env|\.git)|\.(dll|so|cfm|asp)|(\?|&)(=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000|=PHPE9568F36-D428-11d2-A769-00AA001ACF42|=PHPE9568F35-D428-11d2-A769-00AA001ACF42|=PHPE9568F34-D428-11d2-A769-00AA001ACF42)|\\x[0-9a-zA-Z]{2}) - ''); - }; -} \ No newline at end of file diff --git a/share/amd/default.nix b/share/amd/default.nix index 199a407..8622722 100644 --- a/share/amd/default.nix +++ b/share/amd/default.nix @@ -63,6 +63,9 @@ in }; # Configure environment - environment.systemPackages = mkIf cfg.lact.enable [ pkgs.lact ]; + environment = { + systemPackages = mkIf cfg.lact.enable [ pkgs.lact ]; + sessionVariables = lib.mkDefault { STEAM_FORCE_DESKTOPUI_SCALING = "1"; }; + }; }; } diff --git a/share/impermanence/default.nix b/share/impermanence/default.nix index 6fd8162..4ddc314 100644 --- a/share/impermanence/default.nix +++ b/share/impermanence/default.nix 
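Review bot: In share/amd/default.nix `lib.mkDefault` wraps the whole `sessionVariables` attribute set, so the low priority applies to this module's entire definition. As soon as any other module defines `environment.sessionVariables` at normal priority, this set is discarded and `STEAM_FORCE_DESKTOPUI_SCALING` is never exported. Putting the default on the value keeps it mergeable: `sessionVariables.STEAM_FORCE_DESKTOPUI_SCALING = lib.mkDefault "1";`. The variable also sits outside the `mkIf cfg.lact.enable` guard used for `systemPackages`; if that is intended, a short comment would help. The enclosing `config` block starts outside the hunk.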
@@ -1,4 +1,4 @@
-{ ... }@args:
+{ ... }:
 {
 # Set up impernance configuration for things like bluetooth
 # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
diff --git a/share/known-hosts.nix b/share/known-hosts.nix
deleted file mode 100644
index 63049ea..0000000
--- a/share/known-hosts.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- ...
-}:
-{
- programs.ssh.knownHosts = {
- jallen-mac = {
- hostNames = [ "mattjallen@MacBook-Pro.local" ];
- publicKey = "ssh-rsa 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";
- };
- jallen-pc-windows = {
- hostNames = [ "mattl@Jallen-PC" ];
- publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s=";
- };
- jallen-pc-nixos = {
- hostNames = [ "matt@matt-nixos" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov";
- };
- };
-}
\ No newline at end of file
diff --git a/share/nvidia/default.nix b/share/nvidia/default.nix
index defacda..dfdc81d 100644
--- a/share/nvidia/default.nix
+++ b/share/nvidia/default.nix
@@ -1,6 +1,5 @@
 {
 lib,
- pkgs,
 config,
 ...
 }: