root 2024-06-01 19:19:37 +02:00
parent feadbd010b
commit 649f63f08d
2 changed files with 26 additions and 14 deletions


@ -10,7 +10,13 @@
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = lib.mkDefault "no"; services.openssh.settings.PermitRootLogin = lib.mkDefault "no";
services.fail2ban.enable = true; services.fail2ban = {
enable = true;
maxretry = 5;
ignoreIP = [
"neptune.site.deuxfleurs.fr"
];
};
# Activate nix flakes. # Activate nix flakes.
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
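Review bot: The `ignoreIP` entry allowlists a DNS name rather than an address, so the exemption from banning follows whatever that name resolves to when fail2ban looks it up. If the name fronts a shared or dynamic address (not visible from this page), every host behind it can retry SSH logins without being banned, and a changed record moves the exemption silently. Pinning the address or CIDR would be tighter, with a comment on why it is exempt, e.g. `ignoreIP = [ "<admin egress IP/CIDR>" ]; # exempt so our own failed logins do not lock us out`. `maxretry = 5` also looks like a loosening of the module default (3, as far as I know), which matters mostly if password authentication is enabled; that is not shown in this hunk.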


@ -1,5 +1,8 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
up_dir = /srv/up;
in
{ {
services.nginx.enable = true; services.nginx.enable = true;
@ -7,25 +10,28 @@
# in /home. So we need to use a different location. # in /home. So we need to use a different location.
users.users."up" = { users.users."up" = {
isNormalUser = true; isNormalUser = true;
home = /srv/up; home = up_dir;
group = config.services.nginx.group; group = config.services.nginx.group;
createHome = true; # Unsure why this is broken, but couldn't make things work without
homeMode = "750"; # creating the directory by hand.
# createHome = true;
# homeMode = "750";
}; };
services.nginx.virtualHosts."srv.isomorphis.me" = { services.nginx.virtualHosts."srv.isomorphis.me" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = config.users.users."up".home; root = up_dir;
locations."/" = { locations ={
extraConfig = '' "/" = {
autoindex on; extraConfig = "autoindex on;";
''; };
"/.ssh" = {
return = "403";
};
"/i/" = {
extraConfig = "autoindex off;";
}; };
locations."/i/" = {
extraConfig = ''
autoindex off;
'';
}; };
}; };
} }
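Review bot: The `"/.ssh"` location blocks only that one directory, while `root = up_dir` still serves the rest of the `up` user's home with `autoindex on`, so any other dotfile that lands there (shell history, `.gnupg`, tool configuration) is listed and downloadable. A catch-all such as `"~ /\\." = { return = "403"; };` would cover them; the ACME challenge path under `/.well-known` must stay reachable, which I believe the NixOS module handles with its own higher-priority location, but that should be checked. Using a subdirectory of `up_dir` as `root` instead of the home itself would remove the problem at the source. With `createHome` and `homeMode` commented out, the directory's mode and ownership are no longer declared anywhere, so the comment should record the expected values (the previous `750`, group `config.services.nginx.group`) for whoever recreates it by hand.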