
3 commits

Author SHA1 Message Date
fc8ccb8b99 modules: services: pirate: add fail2ban jails
2023-09-03 12:43:46 +02:00
14bf03e5fd modules: services: pirate: refactor
This will make adding fail2ban jails easier.
2023-09-03 12:42:29 +02:00
adc4ce9d8a modules: services: indexers: add prowlarr fail2ban 2023-09-03 12:21:35 +02:00
2 changed files with 70 additions and 15 deletions


@ -60,6 +60,22 @@ in
port = prowlarrPort;
}
];
services.fail2ban.jails = {
prowlarr = ''
enabled = true
filter = prowlarr
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/prowlarr.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=prowlarr.service
'';
};
})
];
}
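Review bot: The `failregex` in the prowlarr filter opens with a greedy `^.*` and ends in the client-supplied username, so the `<HOST>` capture is not tied to the fixed part of the log record. Text placed in the username field can itself satisfy the `Auth-Failure ip <HOST> username` pattern and so influence which address gets banned. Anchoring the prefix to the record structure closes this, e.g. `failregex = ^[^|]*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$`, assuming the fields before `Warn` never contain a `|`; confirm against a real journal line with `fail2ban-regex`. The same expression is repeated in `mkFail2Ban` in the second file and needs the same change.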


@ -13,26 +13,65 @@ let
sonarr = 8989;
};
managers = with lib.attrsets;
(mapAttrs
(_: _: {
enable = true;
group = "media";
})
ports);
mkService = service: {
services.${service} = {
enable = true;
group = "media";
};
};
redirections = lib.flip lib.mapAttrsToList ports
(subdomain: port: { inherit subdomain port; });
mkRedirection = service: {
my.services.nginx.virtualHosts = [
{
subdomain = service;
port = ports.${service};
}
];
};
mkFail2Ban = service: {
services.fail2ban.jails = {
${service} = ''
enabled = true
filter = ${service}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${service}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${service}.service
'';
};
};
mkFullConfig = service: lib.mkMerge [
(mkService service)
(mkRedirection service)
];
in
{
options.my.services.pirate = {
enable = lib.mkEnableOption "Media automation";
};
config = lib.mkIf cfg.enable {
services = managers;
my.services.nginx.virtualHosts = redirections;
# Set-up media group
users.groups.media = { };
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
# Set-up media group
users.groups.media = { };
}
# Bazarr does not log authentication failures...
(mkFullConfig "bazarr")
# Lidarr for music
(mkFullConfig "lidarr")
(mkFail2Ban "lidarr")
# Radarr for movies
(mkFullConfig "radarr")
(mkFail2Ban "radarr")
# Sonarr for shows
(mkFullConfig "sonarr")
(mkFail2Ban "sonarr")
]);
}
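Review bot: `mkFail2Ban` bans whatever address the service logs after `Auth-Failure ip`, but `mkRedirection` publishes each of these services through `my.services.nginx.virtualHosts`. The logged address is therefore the real client only if the application resolves the forwarded-for header, which the diff does not show either way. If the services log the proxy's loopback address instead, the jails would most likely never ban anyone, since localhost is normally covered by fail2ban's `ignoreip`. A comment on the helper would record the assumption, e.g. `# NOTE: relies on the service logging the client address forwarded by nginx, not 127.0.0.1`, and one real failure line per service should be checked with `fail2ban-regex`. The jail also hard-codes `action = iptables-allports` and inherits the default retry and ban times, which deserves a short explanatory comment as well.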