| -rw-r--r-- | hosts/lilith/configuration.nix | 3 | ||||
| -rw-r--r-- | hosts/sachiel/configuration.nix | 12 | ||||
| -rw-r--r-- | modules/nixos/server/nextcloud/default.nix | 4 | ||||
| -rw-r--r-- | modules/nixos/server/openssh/default.nix | 15 |
4 files changed, 16 insertions, 18 deletions
diff --git a/hosts/lilith/configuration.nix b/hosts/lilith/configuration.nix
index e631b51..a878584 100644
--- a/hosts/lilith/configuration.nix
+++ b/hosts/lilith/configuration.nix
@@ -45,6 +45,9 @@ in
 ];
 casks = [
 "mullvad-vpn"
+ "nextcloud"
+ "iterm2"
+ "rectangle"
 ];
 onActivation.cleanup = "zap";
 onActivation.autoUpdate = true;
diff --git a/hosts/sachiel/configuration.nix b/hosts/sachiel/configuration.nix
index e36e91a..9a81a45 100644
--- a/hosts/sachiel/configuration.nix
+++ b/hosts/sachiel/configuration.nix
@@ -1,4 +1,5 @@
 {
+ inputs,
 pkgs,
 host,
 ...
@@ -10,6 +11,7 @@ in
 {
 imports = [
 ./hardware-configuration.nix
+ (import ../../modules/secrets/default.nix)
 ];
 boot.tmp.cleanOnBoot = true;
@@ -67,15 +69,9 @@ in
 };
 nx.server = {
- openssh = {
- enable = true;
- allowedUsers = [ username ];
- };
+ openssh.enable = true;
 nginx.enable = true;
- nextcloud = {
- enable = true;
- user = username;
- };
+ nextcloud.enable = true;
 site.enable = true;
 };
diff --git a/modules/nixos/server/nextcloud/default.nix b/modules/nixos/server/nextcloud/default.nix
index db665cf..11d5ea9 100644
--- a/modules/nixos/server/nextcloud/default.nix
+++ b/modules/nixos/server/nextcloud/default.nix
@@ -5,7 +5,7 @@
 ...
 }:
 let
- inherit (lib) mkEnableOption mkIf;
+ inherit (lib) mkEnableOption mkIf mkDefault;
 cfg = config.nx.server.nextcloud;
 in
 {
@@ -113,7 +113,7 @@ in
 services.fail2ban = {
 enable = true;
- bantime = "86400";
+ bantime = lib.mkDefault "1h";
 jails = {
 nextcloud = {
 enabled = true;
diff --git a/modules/nixos/server/openssh/default.nix b/modules/nixos/server/openssh/default.nix
index a56460d..ac23d28 100644
--- a/modules/nixos/server/openssh/default.nix
+++ b/modules/nixos/server/openssh/default.nix
@@ -5,7 +5,7 @@
 }:
 let
- inherit (lib) mkEnableOption mkIf;
+ inherit (lib) mkEnableOption mkIf mkDefault;
 cfg = config.nx.server.openssh;
 in
 {
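Review bot: In hosts/sachiel/configuration.nix (hunk `@@ -10,6 +11,7 @@`), `(import ../../modules/secrets/default.nix)` can be listed as the bare path `../../modules/secrets/default.nix`; the module system imports paths itself and then names the file in evaluation errors, which a pre-imported value loses. The secrets module is not part of this diff, so it is worth confirming that it only points at encrypted files or runtime paths, because any literal secret evaluated into the configuration ends up in the world-readable Nix store. `inputs` is added to the argument set in the first hunk of the file but is not used in any visible line.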
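Review bot: In modules/nixos/server/nextcloud/default.nix (hunk `@@ -113,7 +113,7 @@`), the fail2ban ban time drops from 86400 seconds to one hour for every jail, the nextcloud one included, and nothing in the commit says the reduction is intended. If the goal is only to stop the nextcloud and openssh modules from defining conflicting values, the longer ban could be kept by giving the nextcloud jail its own `bantime` in the jail settings (which lie outside the hunk), or by turning on `services.fail2ban.bantime-increment.enable` so repeat offenders are banned for longer. The line is written `lib.mkDefault "1h"` although `mkDefault` was just added to the `inherit (lib)` list, so the inherited name is unused; `bantime = mkDefault "1h";` would use it, and the same applies to the openssh module.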
@@ -17,18 +17,17 @@ in
 services.openssh = {
 enable = true;
 ports = [ 8693 ];
- settings = {
- PasswordAuthentication = false;
- AllowUsers = [ ];
- X11Forwarding = false;
- PermitRootLogin = "yes";
- };
+ settings = {
+ PasswordAuthentication = false;
+ X11Forwarding = false;
+ PermitRootLogin = "yes";
+ };
 };
 networking.firewall.allowedTCPPorts = [ 8693 ];
 services.fail2ban = {
 enable = true;
- bantime = "1h";
+ bantime = lib.mkDefault "1h";
 jails = {
 sshd = {
 enabled = true; |
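Review bot: With `AllowUsers` removed from `settings` while `PermitRootLogin = "yes"` stays, sshd on port 8693 accepts any account that has an authorized key, root included, unless something outside this hunk restricts it; hosts/sachiel/configuration.nix drops its `allowedUsers = [ username ]` in the same commit. If root login over SSH is not needed, `PermitRootLogin = "no";` (or `"prohibit-password"` to make the key-only intent explicit) narrows this, and the module could keep an allowlist option that feeds `AllowUsers`. `PasswordAuthentication = false` does not cover keyboard-interactive logins, so adding `KbdInteractiveAuthentication = false;` is worth considering. The enclosing module block starts and ends outside the hunk, so whether an `allowedUsers` option is still declared cannot be seen here.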
