diff options
Diffstat (limited to 'common')
-rw-r--r-- | common/headless.nix | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/common/headless.nix b/common/headless.nix index d3a7c22..0689e6a 100644 --- a/common/headless.nix +++ b/common/headless.nix @@ -28,4 +28,27 @@ defaults.email = "stuebinm@disroot.org"; }; + services.fail2ban = { + enable = true; + bantime-increment.enable = true; + bantime-increment.overalljails = true; + bantime-increment.maxtime = "1312m"; + ignoreIP = [ "185.39.64.13" ]; + }; + + services.logrotate = { + enable = true; + # the nginx module does stuff here, which apparently no one tells anyone about + settings.nginx = { + rotate = 2; + nocompress = true; + compress = false; + }; + }; + + services.nginx.appendHttpConfig = '' + access_log off; + add_header Permissions-Policy "interest-cohort=()"; + ''; + programs.mosh.enable = true; } |