Update

2024-06-08 01:56:21 +02:00
parent 1ccb720f3b
commit 88fb9d078b
31 changed files with 200 additions and 48 deletions
--- a/hosts/server/firewall.nix
+++ b/hosts/server/firewall.nix
@@ -1,5 +1,11 @@
 {

+  services.fail2ban = {
+    enable = true;
+    maxretry = 3;
+    ignoreIP = [ "127.0.0.0/8" "10.0.0.0/8" "192.168.0.0/16" ];
+  };
+
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 ];
--- a/hosts/server/ntfy.nix
+++ b/hosts/server/ntfy.nix
@@ -0,0 +1 @@
+{ services.ntfy = { enable = true; }; }
--- a/hosts/server/vaultwarden.nix
+++ b/hosts/server/vaultwarden.nix
@@ -0,0 +1,21 @@
+let
+  port = 8222;
+  signup = false;
+in {
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      DOMAIN = "https://bw.anotherhadi.com";
+      SIGNUPS_ALLOWED = signup;
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = port;
+      ROCKET_LOG = "critical";
+    };
+  };
+
+  services.nginx.virtualHosts."bw.anotherhadi.com" = {
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
+  };
+
+  networking.firewall.allowedTCPPorts = [ port ];
+}