44 lines
1 KiB
Nix
44 lines
1 KiB
Nix
{ ... }:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
boot.tmp.cleanOnBoot = true;
|
|
zramSwap.enable = true;
|
|
swapDevices = [
|
|
{
|
|
device = "/swapfile";
|
|
size = 16 * 1024;
|
|
}
|
|
];
|
|
services = {
|
|
fail2ban.enable = true;
|
|
fail2ban.maxretry = 5;
|
|
fail2ban.bantime = "1h";
|
|
fail2ban.ignoreIP = [
|
|
"172.16.0.0/12"
|
|
"192.168.0.0/16"
|
|
"10.0.0.0/8"
|
|
"tailc353f.ts.net"
|
|
];
|
|
|
|
fail2ban.bantime-increment = {
|
|
enable = true;
|
|
multipliers = "1 2 4 8 16 32 64 128 256";
|
|
maxtime = "24h";
|
|
overalljails = true;
|
|
};
|
|
tailscale.enable = true;
|
|
openssh.enable = true;
|
|
};
|
|
networking = {
|
|
domain = "";
|
|
hostId = "81238132";
|
|
hostName = "iofq-oracle-x840";
|
|
};
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcL53Gdrj5V9YDwKlCBIcgqiS+zHtOQpJlnOHTevJCJ e@t14''
|
|
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''
|
|
];
|
|
system.stateVersion = "23.11";
|
|
}
|