my nix configs for my servers and desktop
# NixOS host module for the aarch64 machine "baal": systemd-boot on EFI,
# NetworkManager, fail2ban with escalating bans, and Docker.
{ config, lib, pkgs, modulesPath, inputs, ... }:
{
  imports = [
    ./hardware.nix
    # NOTE(review): the contents of the two secrets files are not visible here.
    # Any value assigned as a plain Nix string is copied into the
    # world-readable /nix/store; confirm they only reference runtime secret
    # files (e.g. via sops-nix or agenix) rather than embedding credentials.
    ./secrets.nix

    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix

    ../../host-secrets.nix
  ];

  # Boot via systemd-boot with the ESP mounted at /boot; the installer is
  # allowed to write EFI boot entries. Stage 1 runs systemd.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.initrd.systemd.enable = true;

  system.stateVersion = "24.11";
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

  systemd.targets.multi-user.enable = true;

  networking.hostName = "baal";
  # NOTE(review): "aaaaaaaa" looks like a placeholder. hostId is meant to be
  # unique per machine (ZFS uses it to detect foreign pools); confirm whether
  # other hosts in this repo share the same value.
  networking.hostId = "aaaaaaaa";
  networking.networkmanager.enable = true;

  services.fail2ban = {
    enable = true;

    # Five failed attempts trigger a ban. No jails are declared in this file;
    # which services are watched depends on the module defaults and on the
    # imported common files.
    maxretry = 5;

    # Sources in these ranges are never banned: the RFC 1918 private blocks and
    # 100.64.0.0/10 (RFC 6598 shared address space, used by CGNAT and some
    # overlay VPNs). Repeated login failures from a compromised peer on any of
    # these networks are therefore not throttled by fail2ban, so services
    # reachable from them depend on their own authentication hardening.
    ignoreIP = [
      "10.0.0.0/8"
      "172.16.0.0/12"
      "192.168.0.0/16"
      "100.64.0.0/10"
    ];

    # First offence: 24 hours.
    bantime = "24h";

    # Repeat offenders get the base time scaled by the next multiplier, capped
    # at one week. With a 24h base the 8x step already exceeds the 168h cap, so
    # the larger multipliers have no further effect.
    bantime-increment.enable = true;
    bantime-increment.multipliers = "1 2 4 8 16 32 64";
    bantime-increment.maxtime = "168h";
    # Count violations across every jail, not per jail, when escalating.
    bantime-increment.overalljails = true;
  };

  # Docker daemon, started at boot.
  # Caveats for whoever maintains this host: Docker installs its own iptables
  # rules, so ports published with -p are reachable independently of the NixOS
  # firewall configuration, and membership of the "docker" group is
  # root-equivalent. Check ../../common/users.nix for who is in that group.
  virtualisation.docker.enable = true;
  virtualisation.docker.enableOnBoot = true;

  # Skip building man pages and other documentation on this host.
  documentation.enable = false;
}