cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: cnst:3d1e0991ae2725c5706bfe3a641dc9bfb158d4c8
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken
...
compare: cnst:compare_broken
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken

5 Commits
3d1e0991ae ... compare_br

Author SHA1 Message Date
cnst
d53bf7546a broken 2 2025-10-05 10:02:39 +02:00
cnst
c9edc99a85 chore(revert): slowly introducing changes 2025-10-05 09:27:51 +02:00
cnst
67e83e3e4e feat(authentik): fixing some fail2ban things 2025-10-02 05:45:35 +02:00
cnst
923c810972 feat(authentik): fixing some fail2ban things 2025-10-01 18:00:55 +02:00
cnst
6ab35f4e91 feat(www): fixing fail2ban and other minor tweaks 2025-09-30 18:16:49 +02:00
7 changed files with 192 additions and 164 deletions
Expand all files Collapse all files

178
flake.lock generated
View File

@@ -83,11 +83,11 @@
]
},
"locked": {
"lastModified": 1755946532,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
"lastModified": 1759499898,
"narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
"rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
"type": "github"
},
"original": {
@@ -114,11 +114,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1758177015,
"narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=",
"lastModified": 1759322529,
"narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75",
"rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"type": "github"
},
"original": {
@@ -130,16 +130,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1758035356,
"narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=",
"lastModified": 1759190535,
"narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "680feaefa17934471a6b33ebc35caf5b64120404",
"rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.8.3",
"ref": "version/2025.8.4",
"repo": "authentik",
"type": "github"
}
@@ -153,11 +153,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1759155412,
"narHash": "sha256-5JMoXMQt0C1SAHzhHwKLIEZ8/Q8f0vqBGxrMnmuOvJg=",
"lastModified": 1759532138,
"narHash": "sha256-sLQIlgDwMP3mEY2PwjGW+cL56QQ2n2WXoZ3GpG5QWOY=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "ae7eac57b8dfc221270bb4f4752a87fe4f17ca11",
"rev": "bad02bbca5b5c6d45539a0d740ad0e21b1ba9afc",
"type": "github"
},
"original": {
@@ -212,11 +212,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1759128018,
"narHash": "sha256-30KHoIXMgyNQULifR1yQ5Sp0vr4tWpGRJXPOTgEzx1A=",
"lastModified": 1759646430,
"narHash": "sha256-V8mjmGzi9nS7BZfhpzYAOUg3BcCsC6MrEh9xlKq3+7s=",
"owner": "nix-community",
"repo": "fenix",
"rev": "5c342209226275f704ab84d89efc80b2d3963517",
"rev": "b326bea4d58c9a58b346f17c710538eac00f71d1",
"type": "github"
},
"original": {
@@ -332,11 +332,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -392,11 +392,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -491,11 +491,11 @@
]
},
"locked": {
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"lastModified": 1759523803,
"narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
"type": "github"
},
"original": {
@@ -571,11 +571,11 @@
},
"hardware": {
"locked": {
"lastModified": 1758663926,
"narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=",
"lastModified": 1759582739,
"narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1",
"rev": "3441b5242af7577230a78ffb03542add264179ab",
"type": "github"
},
"original": {
@@ -590,11 +590,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1758833221,
"narHash": "sha256-c3fpREWUKGonlmV/aesmyRxbJZQypHgXStR7SwdcCo0=",
"lastModified": 1759605748,
"narHash": "sha256-qALSaIE4fbTo0wbPjEp7RZKbtFk1cDhRZ0BYOHW0JwQ=",
"owner": "helix-editor",
"repo": "helix",
"rev": "109c812233e442addccf1739dec4406248bd3244",
"rev": "6fffaf6a7ded9a12fb2d5715a4eb83787a5e6402",
"type": "github"
},
"original": {
@@ -610,11 +610,11 @@
]
},
"locked": {
"lastModified": 1759106866,
"narHash": "sha256-GjLvAl7qxGxKtop6ghasxjQ1biTT7pA+WU45byzMl/4=",
"lastModified": 1759573136,
"narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "619ae569293b6427d23cce4854eb4f3c33af3eec",
"rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
"type": "github"
},
"original": {
@@ -652,11 +652,11 @@
]
},
"locked": {
"lastModified": 1758928860,
"narHash": "sha256-ZqaRdd+KoR54dNJPtd7UX4O0X+02YItnTpQVu28lSVI=",
"lastModified": 1759337100,
"narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bc2afee55bc5d3b825287829d6592b9cc1405aad",
"rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
"type": "github"
},
"original": {
@@ -710,11 +710,11 @@
]
},
"locked": {
"lastModified": 1758192433,
"narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=",
"lastModified": 1759490292,
"narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7",
"rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
"type": "github"
},
"original": {
@@ -803,11 +803,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1759148562,
"narHash": "sha256-kPSevFrZv/zmXy0rVhbZr2nQ4nXmt7lnI2/xqGoIVT4=",
"lastModified": 1759530922,
"narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=",
"owner": "hyprwm",
"repo": "hyprland",
"rev": "09596725910aab2a9defed250348aebeee40f842",
"rev": "76d998743ac10e712238c1016db4d8e8d16f1049",
"type": "github"
},
"original": {
@@ -824,11 +824,11 @@
]
},
"locked": {
"lastModified": 1759123041,
"narHash": "sha256-O3dfYBYhsdjpELmyE1czkQfG2Jzh+pzsKMhPX3QVz80=",
"lastModified": 1759613406,
"narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "125043bea28e5f988f4e97250213948667a26b1c",
"rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github"
},
"original": {
@@ -942,11 +942,11 @@
]
},
"locked": {
"lastModified": 1757694755,
"narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=",
"lastModified": 1759080228,
"narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c",
"rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github"
},
"original": {
@@ -971,11 +971,11 @@
]
},
"locked": {
"lastModified": 1756810301,
"narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
"lastModified": 1758927902,
"narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
"rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
"type": "github"
},
"original": {
@@ -1006,11 +1006,11 @@
]
},
"locked": {
"lastModified": 1758124489,
"narHash": "sha256-YiVF/8Me3vVKJBEgGpQhn0HF09EWfXZGaWLzAaJBrO4=",
"lastModified": 1759572448,
"narHash": "sha256-o+r44fqPQM+/hQdjFy9qV9C51Jhty6M4icFVYocyJfA=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "7f769fa993cb492982d7bf25676c68ddbcc0268e",
"rev": "c8a6768dca626cf7d7cbc333095f048bc007b6d9",
"type": "github"
},
"original": {
@@ -1069,11 +1069,11 @@
]
},
"locked": {
"lastModified": 1756117388,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
"lastModified": 1759490926,
"narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
"rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
"type": "github"
},
"original": {
@@ -1191,11 +1191,11 @@
]
},
"locked": {
"lastModified": 1757230583,
"narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=",
"lastModified": 1759387127,
"narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea",
"rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
"type": "github"
},
"original": {
@@ -1229,11 +1229,11 @@
},
"mnw": {
"locked": {
"lastModified": 1756659871,
"narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
"lastModified": 1758834834,
"narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
"rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
"type": "github"
},
"original": {
@@ -1278,11 +1278,11 @@
]
},
"locked": {
"lastModified": 1759110900,
"narHash": "sha256-fcu/r0ijvaYT2VHGkZGr0wq9uBMNFkiftVBy43/2oig=",
"lastModified": 1759629535,
"narHash": "sha256-VIXcJ2ahRgoqIUySwAz3r5mtITO2dp6tXGCVKVW6FmA=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "2ac6a49266e9159ccb001b4c8cb1f50f67d502ae",
"rev": "df388c42b54714bd121796a9cec9322b7fa2894e",
"type": "github"
},
"original": {
@@ -1411,11 +1411,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1758198701,
"narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1443,11 +1443,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1759036355,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1459,11 +1459,11 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1756696532,
"narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
"lastModified": 1759386674,
"narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
"rev": "625ad6366178f03acd79f9e3822606dd7985b657",
"type": "github"
},
"original": {
@@ -1482,11 +1482,11 @@
"systems": "systems_5"
},
"locked": {
"lastModified": 1758271661,
"narHash": "sha256-ENqd2/33uP5vB44ClDjjAV+J78oF8q1er4QUZuT8Z7g=",
"lastModified": 1759469269,
"narHash": "sha256-DP833ejGUNRRHsJOB3WRTaWWXLNucaDga2ju/fGe+sc=",
"owner": "notashelf",
"repo": "nvf",
"rev": "b7571df4d6e9ac08506a738ddceeec0b141751b0",
"rev": "e48638aef3a95377689de0ef940443c64f870a09",
"type": "github"
},
"original": {
@@ -1626,11 +1626,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1759060464,
"narHash": "sha256-37+iMpZOQ1m9SuOJTBlRK1R0IVPS7e95oQggK82UpLs=",
"lastModified": 1759601486,
"narHash": "sha256-ZywfLIFtRr907us1tONwUJLeg3ssO4D01XBFHx7RdAo=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "5c0b555a65cadc14a6a16865c3e065c9d30b0bef",
"rev": "4ae99f0150c94f4bdf7192b4447f512ece3546fd",
"type": "github"
},
"original": {
@@ -1648,11 +1648,11 @@
]
},
"locked": {
"lastModified": 1758940228,
"narHash": "sha256-sTS04L9LKqzP1oiVXYDwcMzfFSF0DnSJQFzZBpEgLFE=",
"lastModified": 1759458749,
"narHash": "sha256-WKnbJnm1B2+TO2ZUudgS39EzecQeLl4/bnRtd3y46LI=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "5bfedf3fbbf5caf8e39f7fcd62238f54d82aa1e2",
"rev": "bbc3a8ae797d1700e57a4f4bcc4e79af727d4138",
"type": "github"
},
"original": {
@@ -1923,11 +1923,11 @@
]
},
"locked": {
"lastModified": 1759072104,
"narHash": "sha256-2B5RObgBD/ptcC8rO6jI2o+0LWg3iG300wQlBYiyjec=",
"lastModified": 1759590499,
"narHash": "sha256-EBToRzqe5WMz4DQyxOp9/CP+rWjdaZ2EUwbItfNf3VI=",
"ref": "refs/heads/main",
"rev": "8db6527b42469df2ffd888e79fe15151888bdc0f",
"revCount": 134,
"rev": "6e606c8bfa6a88209488790388b1005bc489fa66",
"revCount": 136,
"type": "git",
"url": "https://git.sr.ht/~canasta/zen-browser-flake"
},

2
hosts/kima/modules.nix
View File

@@ -216,7 +216,7 @@
flags = "--performance";
};
tailscale = {
enable = true;
enable = false;
};
udisks = {
enable = true;

2
hosts/sobotka/modules.nix
View File

@@ -214,7 +214,7 @@
flags = "--performance";
};
tailscale = {
enable = true;
enable = false;
};
udisks = {
enable = true;

11
modules/server/authentik/default.nix
View File

@@ -54,10 +54,14 @@ in {
authentikEnv = {
file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
};
@@ -65,8 +69,8 @@ in {
fail2ban = lib.mkIf cfg.enable {
jails = {
authentik = {
serviceName = "${cfg.url}";
failRegex = "^.*Username or password is incorrect. Try again. IP: <HOST>. Username: <F-USER>.*</F-USER>.$";
serviceName = "authentik";
failRegex = "^.*Username or password is incorrect.*IP:\s*<HOST>";
};
};
};
@@ -99,7 +103,7 @@ in {
middlewares = {
authentik = {
forwardAuth = {
tls.insecureSkipVerify = true;
# tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
@@ -115,6 +119,7 @@ in {
"X-authentik-meta-app"
"X-authentik-meta-version"
];
timeout = "10s";
};
};
};

30
modules/server/fail2ban/default.nix
View File

@@ -4,11 +4,9 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.server.fail2ban;
in
{
in {
options.server.fail2ban = {
enable = lib.mkEnableOption {
description = "Enable cloudflare fail2ban";
@@ -17,7 +15,7 @@ in
description = "File containing your API key, scoped to Firewall Rules: Edit";
type = lib.types.str;
example = lib.literalExpression ''
Authorization: Bearer Qj06My1wXJEzcW46QCyjFbSMgVtwIGfX63Ki3NOj79o=
Authorization: Bearer vH6-p0y=i4w3n7TjKqZ@x8D_lR!A9b2cOezXgUuJdE5F
'''
'';
};
@@ -57,10 +55,11 @@ in
pkgs.jq
];
jails = lib.attrsets.mapAttrs (name: value: {
jails =
lib.attrsets.mapAttrs (name: value: {
settings = {
bantime = "30d";
findtime = "1h";
bantime = "24h";
findtime = "10m";
enabled = true;
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
@@ -69,27 +68,26 @@ in
maxretry = 3;
action = "cloudflare-token-agenix";
};
}) cfg.jails;
})
cfg.jails;
};
environment.etc = lib.attrsets.mergeAttrsList [
(lib.attrsets.mapAttrs' (
name: value:
(lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
name: value: (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
text = ''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
'';
})
) cfg.jails)
)
cfg.jails)
{
"fail2ban/action.d/cloudflare-token-agenix.conf".text =
let
"fail2ban/action.d/cloudflare-token-agenix.conf".text = let
notes = "Fail2Ban on ${config.networking.hostName}";
cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
in
''
in ''
[Definition]
actionstart =
actionstop =

43
modules/server/www/default.nix
View File

@@ -4,11 +4,18 @@
pkgs,
self,
...
}: let
inherit (lib) mkOption mkEnableOption mkIf types;
}:
let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.server.www;
srv = config.server;
in {
in
{
options.server.www = {
enable = mkEnableOption {
description = "Enable personal website";
@@ -44,9 +51,11 @@ in {
server = {
fail2ban = lib.mkIf config.server.www.enable {
jails = {
www = {
serviceName = "cnst.dev";
failRegex = "^.*Username or password is incorrect. Try again. IP: <HOST>. Username: <F-USER>.*</F-USER>.$";
nginx-404 = {
serviceName = "nginx";
failRegex = ''^.*\[error\].*directory index of.* is forbidden.*client: <HOST>.*$'';
ignoreRegex = "";
maxRetry = 5;
};
};
};
@@ -64,14 +73,23 @@ in {
virtualHosts."webfinger" = {
forceSSL = false;
serverName = cfg.url;
root = "/etc/webfinger";
root = "/var/www/webfinger";
locations."= /.well-known/webfinger" = {
root = "/etc/webfinger";
root = "/var/www/webfinger";
extraConfig = ''
default_type application/jrd+json;
try_files /.well-known/webfinger =404;
'';
};
locations."= /robots.txt" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type text/plain;
try_files /robots.txt =404;
'';
};
};
};
@@ -85,7 +103,8 @@ in {
};
};
environment.etc."webfinger/.well-known/webfinger".text = ''
environment.etc = {
"webfinger/.well-known/webfinger".text = ''
{
"subject": "acct:adam@${cfg.url}",
"links": [
@@ -97,6 +116,12 @@ in {
}
'';
"webfinger/robots.txt".text = ''
User-agent: *
Disallow: /
'';
};
services.traefik.dynamicConfigOptions.http = {
routers.webfinger = {
entryPoints = [ "websecure" ];

2
users/cnst/modules/kimamod.nix
View File

@@ -11,7 +11,7 @@
enable = true;
};
chromium = {
enable = true;
enable = false;
};
discord = {
enable = true;