From 1567d5f2965b2c30f618ae365fbe175283381b6c Mon Sep 17 00:00:00 2001
From: Richie Cahill
Date: Sat, 6 Apr 2024 19:02:32 -0400
Subject: [PATCH] Feature/removing junk (#129)
* removing fail2ban jails
* removed gitea seting and renamed security.nix to endlessh.nix
* fixed formating
---------
Co-authored-by: Your Name
---
 modules/{security.nix => endlessh.nix} | 14 --------------
 modules/fail2ban.nix | 22 ----------------------
 2 files changed, 36 deletions(-)
 rename modules/{security.nix => endlessh.nix} (50%)
diff --git a/modules/security.nix b/modules/endlessh.nix
similarity index 50%
rename from modules/security.nix
rename to modules/endlessh.nix
index cf092dc..4cd95e4 100644
--- a/modules/security.nix
+++ b/modules/endlessh.nix
@@ -1,21 +1,7 @@
-# BIASED
 { config, lib, ... }:
 {
 config = {
 services = {
- openssh = lib.mkIf config.services.gitea.enable {
- extraConfig = ''
- Match User gitea
- PermitTTY no
- X11Forwarding no
- '';
- };
-
- gitea.settings."ssh.minimum_key_sizes" = lib.mkIf config.services.gitea.enable {
- ECDSA = -1;
- RSA = 4095;
- };
-
 endlessh-go = lib.mkIf (!builtins.elem 22 config.services.openssh.ports) {
 enable = true;
 port = 22;
diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix
index 8476cd7..890525a 100644
--- a/modules/fail2ban.nix
+++ b/modules/fail2ban.nix
@@ -20,27 +20,5 @@ in
 maxtime = "168h";
 overalljails = true;
 };
-
- jails = {
- apache-nohome-iptables.settings = {
- # Block an IP address if it accesses a non-existent
- # home directory more than 5 times in 10 minutes,
- # since that indicates that it's scanning.
- filter = "apache-nohome";
- action = ''iptables-multiport[name=HTTP, port="http,https"]'';
- logpath = "/var/log/httpd/error_log*";
- backend = "systemd";
- findtime = 600;
- bantime = 600;
- maxretry = 5;
- };
-
- dovecot = {
- settings = {
- filter = "dovecot[mode=aggressive]";
- maxretry = 3;
- };
- };
- };
 };
 }