fix things & make some others simpler, also ipv6 🎉

author: stuebinm 2023-03-05 22:47:21 +0100
committer: stuebinm 2023-03-05 22:47:21 +0100
commit: 3ec7bc623a720d4b958b12615fae34efcb3a260c (patch)
tree: 41920753884243934da06154b5481420e4edf37f /common/headless.nix
parent: 9f0a5397f02bee5aec24395bfd7e26b5ea577991 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/common/headless.nix b/common/headless.nix
index d3a7c22..0689e6a 100644
--- a/common/headless.nix
+++ b/common/headless.nix
@@ -28,4 +28,27 @@
     defaults.email = "stuebinm@disroot.org";
   };
 
+  services.fail2ban = {
+    enable = true;
+    bantime-increment.enable = true;
+    bantime-increment.overalljails = true;
+    bantime-increment.maxtime = "1312m";
+    ignoreIP = [ "185.39.64.13" ];
+  };
+
+  services.logrotate = {
+    enable = true;
+    # the nginx module does stuff here, which apparently no one tells anyone about
+    settings.nginx = {
+      rotate = 2;
+      nocompress = true;
+      compress = false;
+    };
+  };
+
+  services.nginx.appendHttpConfig = ''
+     access_log off;
+     add_header Permissions-Policy "interest-cohort=()";
+  '';
+  programs.mosh.enable = true;
 }
author	stuebinm	2023-03-05 22:47:21 +0100
committer	stuebinm	2023-03-05 22:47:21 +0100
commit	3ec7bc623a720d4b958b12615fae34efcb3a260c (patch)
tree	41920753884243934da06154b5481420e4edf37f /common/headless.nix
parent	9f0a5397f02bee5aec24395bfd7e26b5ea577991 (diff)