feat(www): fixing fail2ban and other minor tweaks
This commit is contained in:
62
flake.lock
generated
62
flake.lock
generated
@@ -153,11 +153,11 @@
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759155412,
|
||||
"narHash": "sha256-5JMoXMQt0C1SAHzhHwKLIEZ8/Q8f0vqBGxrMnmuOvJg=",
|
||||
"lastModified": 1759235653,
|
||||
"narHash": "sha256-sKFehUxXCzM6E1LcmnRa/O6HKsRI/TGtciG5ulAJt08=",
|
||||
"owner": "chaotic-cx",
|
||||
"repo": "nyx",
|
||||
"rev": "ae7eac57b8dfc221270bb4f4752a87fe4f17ca11",
|
||||
"rev": "2bf7f138e42fa8b2133761edab64263505cb83bf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -212,11 +212,11 @@
|
||||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759128018,
|
||||
"narHash": "sha256-30KHoIXMgyNQULifR1yQ5Sp0vr4tWpGRJXPOTgEzx1A=",
|
||||
"lastModified": 1759214609,
|
||||
"narHash": "sha256-+V3SeMjAMd9j9JTECk9oc0gWhtsk79rFEbYf/tHjywo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "5c342209226275f704ab84d89efc80b2d3963517",
|
||||
"rev": "f93a2d7225bc7a93d3379acff8fe722e21d97852",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -590,11 +590,11 @@
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758833221,
|
||||
"narHash": "sha256-c3fpREWUKGonlmV/aesmyRxbJZQypHgXStR7SwdcCo0=",
|
||||
"lastModified": 1759201995,
|
||||
"narHash": "sha256-3STv6fITv8Ar/kl0H7vIA7VV0d2gyLh8UL0BOiVacXg=",
|
||||
"owner": "helix-editor",
|
||||
"repo": "helix",
|
||||
"rev": "109c812233e442addccf1739dec4406248bd3244",
|
||||
"rev": "bfcbef10c513108c7b43317569416c2eefc4ed44",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -610,11 +610,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759106866,
|
||||
"narHash": "sha256-GjLvAl7qxGxKtop6ghasxjQ1biTT7pA+WU45byzMl/4=",
|
||||
"lastModified": 1759236626,
|
||||
"narHash": "sha256-1BjCUU2csqhR5umGYFnOOTU8r8Bi+bnB2SLsr0FLcws=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "619ae569293b6427d23cce4854eb4f3c33af3eec",
|
||||
"rev": "9e0453a9b0c8ef22de0355b731d712707daa6308",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -652,11 +652,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758928860,
|
||||
"narHash": "sha256-ZqaRdd+KoR54dNJPtd7UX4O0X+02YItnTpQVu28lSVI=",
|
||||
"lastModified": 1759172751,
|
||||
"narHash": "sha256-E8W8sRXfrvkFW26GuuiWq6QfReU7m5+cngwHuRo/3jc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "bc2afee55bc5d3b825287829d6592b9cc1405aad",
|
||||
"rev": "12fa8548feefa9a10266ba65152fd1a787cdde8f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -803,11 +803,11 @@
|
||||
"xdph": "xdph"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759148562,
|
||||
"narHash": "sha256-kPSevFrZv/zmXy0rVhbZr2nQ4nXmt7lnI2/xqGoIVT4=",
|
||||
"lastModified": 1759169434,
|
||||
"narHash": "sha256-1u6kq88ICeE9IiJPditYa248ZoEqo00kz6iUR+jLvBQ=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprland",
|
||||
"rev": "09596725910aab2a9defed250348aebeee40f842",
|
||||
"rev": "38c1e72c9d81fcdad8f173e06102a5da18836230",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -824,11 +824,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759123041,
|
||||
"narHash": "sha256-O3dfYBYhsdjpELmyE1czkQfG2Jzh+pzsKMhPX3QVz80=",
|
||||
"lastModified": 1759238633,
|
||||
"narHash": "sha256-4/AtRCQKXuU49ozZZouWuC+T7vCjQh9HAz3N8Tt5OZE=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "contrib",
|
||||
"rev": "125043bea28e5f988f4e97250213948667a26b1c",
|
||||
"rev": "513d71d3f42c05d6a38e215382c5a6ce971bd77d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1626,11 +1626,11 @@
|
||||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1759060464,
|
||||
"narHash": "sha256-37+iMpZOQ1m9SuOJTBlRK1R0IVPS7e95oQggK82UpLs=",
|
||||
"lastModified": 1759134797,
|
||||
"narHash": "sha256-YPi+jL3tx/yC5J5l7/OB7Lnlr9BMTzYnZtm7tRJzUNg=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "5c0b555a65cadc14a6a16865c3e065c9d30b0bef",
|
||||
"rev": "062ac7a5451e8e92a32e22a60d86882d6a034f3f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1648,11 +1648,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758940228,
|
||||
"narHash": "sha256-sTS04L9LKqzP1oiVXYDwcMzfFSF0DnSJQFzZBpEgLFE=",
|
||||
"lastModified": 1759113356,
|
||||
"narHash": "sha256-xm4kEUcV2jk6u15aHazFP4YsMwhq+PczA+Ul/4FDKWI=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "5bfedf3fbbf5caf8e39f7fcd62238f54d82aa1e2",
|
||||
"rev": "be3b8843a2be2411500f6c052876119485e957a2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1923,11 +1923,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759072104,
|
||||
"narHash": "sha256-2B5RObgBD/ptcC8rO6jI2o+0LWg3iG300wQlBYiyjec=",
|
||||
"lastModified": 1759180079,
|
||||
"narHash": "sha256-5hqTGqAKcLEumY3tqOtHK17CA6RkzS1I0EGKfuoyb58=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "8db6527b42469df2ffd888e79fe15151888bdc0f",
|
||||
"revCount": 134,
|
||||
"rev": "d4a254b38c7ac2b99931220d767610adfa3a57fe",
|
||||
"revCount": 135,
|
||||
"type": "git",
|
||||
"url": "https://git.sr.ht/~canasta/zen-browser-flake"
|
||||
},
|
||||
|
||||
@@ -65,7 +65,7 @@ in {
|
||||
fail2ban = lib.mkIf cfg.enable {
|
||||
jails = {
|
||||
authentik = {
|
||||
serviceName = "${cfg.url}";
|
||||
serviceName = "authentik";
|
||||
failRegex = "^.*Username or password is incorrect. Try again. IP: <HOST>. Username: <F-USER>.*</F-USER>.$";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -44,9 +44,11 @@ in {
|
||||
server = {
|
||||
fail2ban = lib.mkIf config.server.www.enable {
|
||||
jails = {
|
||||
www = {
|
||||
serviceName = "cnst.dev";
|
||||
failRegex = "^.*Username or password is incorrect. Try again. IP: <HOST>. Username: <F-USER>.*</F-USER>.$";
|
||||
nginx-404 = {
|
||||
serviceName = "nginx";
|
||||
failRegex = ''^.*\[error\].*directory index of.* is forbidden.*client: <HOST>.*$'';
|
||||
ignoreRegex = "";
|
||||
maxRetry = 5;
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -64,14 +66,23 @@ in {
|
||||
virtualHosts."webfinger" = {
|
||||
forceSSL = false;
|
||||
serverName = cfg.url;
|
||||
root = "/etc/webfinger";
|
||||
root = "/var/www/webfinger";
|
||||
|
||||
locations."= /.well-known/webfinger" = {
|
||||
root = "/etc/webfinger";
|
||||
root = "/var/www/webfinger";
|
||||
extraConfig = ''
|
||||
default_type application/jrd+json;
|
||||
try_files /.well-known/webfinger =404;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."= /robots.txt" = {
|
||||
root = "/var/www/webfinger";
|
||||
extraConfig = ''
|
||||
default_type text/plain;
|
||||
try_files /robots.txt =404;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -85,7 +96,8 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."webfinger/.well-known/webfinger".text = ''
|
||||
environment.etc = {
|
||||
"webfinger/.well-known/webfinger".text = ''
|
||||
{
|
||||
"subject": "acct:adam@${cfg.url}",
|
||||
"links": [
|
||||
@@ -97,6 +109,12 @@ in {
|
||||
}
|
||||
'';
|
||||
|
||||
"webfinger/robots.txt".text = ''
|
||||
User-agent: *
|
||||
Disallow: /
|
||||
'';
|
||||
};
|
||||
|
||||
services.traefik.dynamicConfigOptions.http = {
|
||||
routers.webfinger = {
|
||||
entryPoints = ["websecure"];
|
||||
|
||||
Reference in New Issue
Block a user