(T)im's N(ix) Flake, Multi-Host Configurations for all of my machines! 74k1.sh/
nixos nix
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

feat(knights): nginx changes

74k1 8d339e6a b30308e9

+38 -5
+38 -5
hosts/nixos/knights/configuration.nix
··· 70 70 sshd.settings = { 71 71 enabled = true; 72 72 port = "ssh"; 73 + banaction = "iptables-multiport"; 74 + bantime = "1h"; 73 75 filter = "sshd[mode=agressive]"; 74 76 maxretry = 1; 75 - bantime = "1h"; 77 + }; 78 + 79 + nginx-bad-request.settings = { 80 + enabled = true; 81 + port = "http,https"; 82 + filter = "nginx-bad-request"; 83 + 84 + banaction = "iptables-multiport"; 85 + findtime = 300; 86 + logpath = "/var/log/nginx/access.log"; 87 + }; 88 + 89 + 90 + nginx-botsearch.settings = { 91 + enabled = true; 92 + port = "http,https"; 93 + filter = "nginx-botsearch"; 94 + 95 + logpath = "/var/log/nginx/access.log"; 96 + banaction = "iptables-multiport"; 97 + maxretry = 2; 98 + findtime = 300; 99 + }; 100 + 101 + nginx-http-auth.settings = { 102 + enabled = true; 103 + port = "http,https"; 104 + filter = "nginx-http-auth"; 105 + 106 + logpath = "/var/log/nginx/error.log"; 107 + banaction = "iptables-multiport"; 76 108 }; 77 109 78 110 nginx-stream-ssh-proxy.settings = { 79 111 enabled = true; 80 112 filter = "nginx-stream-ssh-proxy"; 81 - logpath = "/var/log/nginx/error.log"; 82 113 backend = "auto"; 114 + banaction = "iptables-multiport"; 115 + bantime = "1h"; 83 116 findtime = "10m"; 117 + logpath = "/var/log/nginx/error.log"; 84 118 maxretry = 2; 85 - bantime = "1h"; 86 119 }; 87 120 }; 88 121 ··· 250 283 251 284 # Configure SSH forwarding for Forgejo 252 285 streamConfig = '' 253 - upstream git-ssh { 286 + upstream forge_ssh { 254 287 server 10.100.0.1:2277; 255 288 } 256 289 257 290 server { 258 291 listen 22; 259 292 proxy_protocol on; 260 - proxy_pass git-ssh; 293 + proxy_pass forge_ssh; 261 294 } 262 295 ''; 263 296