Compare commits


3 commits

Author SHA1 Message Date
02eb3b5599
fix: rename system -> stdenv.hostPlatform.system
NixOS a supprimé l'alias system
2026-01-05 19:41:57 +01:00
c36ea77671
open firewall for monitoring 2026-01-05 19:41:31 +01:00
f4155bc8a8
add zamok safe ip 2026-01-05 19:40:23 +01:00
4 changed files with 53 additions and 2 deletions


@ -2,6 +2,10 @@
{ {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
ignoreIP = [
"zamok.crans.org"
];
}; };
services.openssh.settings.LogLevel = "VERBOSE"; services.openssh.settings.LogLevel = "VERBOSE";
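Review bot: The new `ignoreIP` entry is a DNS name rather than an address, so the host exempted from banning is whatever `zamok.crans.org` resolves to when fail2ban evaluates it, and a changed or spoofed record silently changes the exemption. I would pin address literals instead, e.g. `ignoreIP = [ "<ZAMOK_IPV4>" "<ZAMOK_IPV6>" ];` (placeholders), with a comment saying why this host is trusted. `LogLevel = "VERBOSE"` is kept, so failed logins from that host are still logged, but nothing rate-limits them any more. If several users can log in on that host, it may be worth alerting on those failures separately.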


@ -0,0 +1,34 @@
{ config, ... }:
let
domain = "pass.${config.networking.domain}";
in
{
age.secrets = {
vaultwarden_secret = {
file = ../../secrets/services/vaultwarden.age;
owner = "vaultwarden";
};
};
services.vaultwarden = {
enable = false; # TODO: enable
# TODO: move to pgsql
#dbBackend = "postgresql";
environmentFile = config.age.secrets.vaultwarden_secret.path;
config = {
DOMAIN = "https://${domain}";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "::1";
ROCKET_PORT = 8222;
};
};
services.caddy.virtualHosts."${domain}" = {
extraConfig = ''
reverse_proxy localhost:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT}
'';
};
}
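Review bot: Vaultwarden is bound to `::1` only, but the Caddy vhost proxies to `localhost:…`, which reaches it only if `localhost` resolves to the IPv6 loopback on this host. I would make the upstream explicit with `reverse_proxy [::1]:${toString config.services.vaultwarden.config.ROCKET_PORT}`. Separately, `age.secrets.vaultwarden_secret` is owned by `vaultwarden` while `services.vaultwarden.enable = false`, so that user presumably does not exist yet and setting the owner may fail at activation. Wrapping the secret and the vhost in `lib.mkIf config.services.vaultwarden.enable` (with `lib` added to the module arguments) would keep the disabled state clean. A short comment naming the variables the age-encrypted environment file is expected to carry would also help, since they are not visible here.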


@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
services.prometheus.exporters = { services.prometheus.exporters = {
node = { node = {
@ -9,6 +9,19 @@
"--collector.softirqs" "--collector.softirqs"
"--collector.tcpstat" "--collector.tcpstat"
]; ];
openFirewall = true;
};
postgres = {
enable = config.services.postgresql.enable;
}; };
}; };
services.caddy.globalConfig = "
metrics {
per_host
}
";
} }
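Review bot: `openFirewall = true` on the node exporter opens its port to every source address, and the exporter serves host details without authentication. I would restrict the rule to the monitoring server with the exporter's `firewallFilter` option, e.g. `firewallFilter = "-s <MONITORING_SERVER_IP> -p tcp -m tcp --dport ${toString config.services.prometheus.exporters.node.port}";` (placeholder address). The `postgres` exporter is enabled without any firewall opening, so please confirm whether it is scraped locally or needs the same restricted rule. The multi-line `services.caddy.globalConfig` would read more conventionally as a `'' … ''` string, and a comment on where Caddy's metrics are expected to be scraped from would be useful.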


@ -8,7 +8,7 @@ pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
nil nil
nixpkgs-fmt nixpkgs-fmt
agenix.packages.${system}.default agenix.packages.${stdenv.hostPlatform.system}.default
]; ];
shellHook = '' shellHook = ''