From 3ec7bc623a720d4b958b12615fae34efcb3a260c Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sun, 5 Mar 2023 22:47:21 +0100
Subject: fix things & make some others simpler, also ipv6 🎉

---
 common/headless.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'common')

diff --git a/common/headless.nix b/common/headless.nix
index d3a7c22..0689e6a 100644
--- a/common/headless.nix
+++ b/common/headless.nix
@@ -28,4 +28,27 @@
     defaults.email = "stuebinm@disroot.org";
   };
 
+  services.fail2ban = {
+    enable = true;
+    bantime-increment.enable = true;
+    bantime-increment.overalljails = true;
+    bantime-increment.maxtime = "1312m";
+    ignoreIP = [ "185.39.64.13" ];
+  };
+
+  services.logrotate = {
+    enable = true;
+    # the nginx module does stuff here, which apparently no one tells anyone about
+    settings.nginx = {
+      rotate = 2;
+      nocompress = true;
+      compress = false;
+    };
+  };
+
+  services.nginx.appendHttpConfig = ''
+     access_log off;
+     add_header Permissions-Policy "interest-cohort=()";
+  '';
+  programs.mosh.enable = true;
 }
-- 
cgit v1.2.3