From 649f63f08d742a22e3e04f627f2b804af12e2f51 Mon Sep 17 00:00:00 2001
From: root
Date: Sat, 1 Jun 2024 19:19:37 +0200
Subject: [PATCH] bleh
---
 common/configuration.nix | 8 +++++++-
 pastila/srv.nix | 32 +++++++++++++++++++-------------
 2 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/common/configuration.nix b/common/configuration.nix
index 388c9e3..305234a 100644
--- a/common/configuration.nix
+++ b/common/configuration.nix
@@ -10,7 +10,13 @@
 services.openssh.enable = true;
 services.openssh.settings.PermitRootLogin = lib.mkDefault "no";
- services.fail2ban.enable = true;
+ services.fail2ban = {
+ enable = true;
+ maxretry = 5;
+ ignoreIP = [
+ "neptune.site.deuxfleurs.fr"
+ ];
+ };
 # Activate nix flakes.
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
diff --git a/pastila/srv.nix b/pastila/srv.nix
index 2f44206..558654b 100644
--- a/pastila/srv.nix
+++ b/pastila/srv.nix
@@ -1,5 +1,8 @@
 { config, lib, pkgs, ... }:
+let
+ up_dir = /srv/up;
+in
 {
 services.nginx.enable = true;
@@ -7,25 +10,28 @@
 # in /home. So we need to use a different location.
 users.users."up" = {
 isNormalUser = true;
- home = /srv/up;
+ home = up_dir;
 group = config.services.nginx.group;
- createHome = true;
- homeMode = "750";
+ # Unsure why this is broken, but couldn't make things work without
+ # creating the directory by hand.
+ # createHome = true;
+ # homeMode = "750";
 };
 services.nginx.virtualHosts."srv.isomorphis.me" = {
 forceSSL = true;
 enableACME = true;
- root = config.users.users."up".home;
- locations."/" = {
- extraConfig = ''
- autoindex on;
- '';
- };
- locations."/i/" = {
- extraConfig = ''
- autoindex off;
- '';
+ root = up_dir;
+ locations ={
+ "/" = {
+ extraConfig = "autoindex on;";
+ };
+ "/.ssh" = {
+ return = "403";
+ };
+ "/i/" = {
+ extraConfig = "autoindex off;";
+ };
 };
 };
 }
\ No newline at end of file
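Review bot: In common/configuration.nix the `ignoreIP` entry is a DNS name, so the fail2ban exemption follows whatever that record resolves to rather than a fixed address, and because this is the shared configuration it presumably applies on every host that imports it. If the site has a stable egress address, pin it instead, e.g. `ignoreIP = [ "<NEPTUNE_EGRESS_CIDR>" ]; # placeholder, trusted site egress`, and add a comment on why that origin is never banned. `maxretry = 5` also looks looser than the NixOS module default (3, if I recall correctly), so a line such as `# raised from the default because ...` would help; which SSH authentication methods are allowed is not visible in this hunk.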
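Review bot: In the first pastila/srv.nix hunk, `up_dir = /srv/up;` is an unquoted Nix path literal, not a string. As far as I know, wherever a path value is interpolated into generated text (the nginx `root` directive is the likely place), Nix copies the directory into the world-readable store and emits the store path, or refuses the absolute path under pure flake evaluation. Quoting it, `up_dir = "/srv/up";`, keeps it a plain runtime path; this may also be related to the `createHome` trouble mentioned in the next hunk, though that is a guess.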
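Review bot: The new `"/.ssh"` location in the second pastila/srv.nix hunk blocks only that one directory, while the vhost root is still the `up` user's home with `autoindex on`, so any other dotfile that ends up there (shell history, `.config`, editor state) stays fetchable by path. A catch-all such as `"~ /\\." = { return = "403"; };` covers them; the ACME challenge location that `enableACME` generates should still take precedence, but that is worth confirming. Serving a dedicated subdirectory of the home rather than the home itself would avoid the problem altogether. With `createHome`/`homeMode` commented out, the directory's mode is no longer declared anywhere, so the comment should record the owner, group and mode it was created with by hand.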