author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 17:11:40 +0100 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 17:14:35 +0100 |
commit | 706963c3547b42b98e6a92f62aa6c79fd09358ad (patch) | |
tree | e03eb19b210b401cd76604945a6d418f0374c9a0 | |
parent | fix(modules/impermanence): Don't always persist `/var/log` and `/var/lib/nixos` (diff) | |
refactor(system/services/rust-motd): Migrate to `by-name`
-rw-r--r-- | modules/by-name/ru/rust-motd/module.nix | 92 | ||||
-rw-r--r-- | system/services/default.nix | 1 | ||||
-rw-r--r-- | system/services/rust-motd/default.nix | 91 |
3 files changed, 92 insertions, 92 deletions
diff --git a/modules/by-name/ru/rust-motd/module.nix b/modules/by-name/ru/rust-motd/module.nix
new file mode 100644
index 0000000..a6998f4
--- /dev/null
+++ b/modules/by-name/ru/rust-motd/module.nix
@@ -0,0 +1,92 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.vhack.rust-motd;
+
+ # List all users that can login
+ pred = n: v: (
+ false # <- just here for neat formatting
+ || v.initialHashedPassword != null
+ || v.initialPassword != null
+ || v.hashedPassword != null
+ || v.hashedPasswordFile != null
+ || v.password != null
+ || v.passwordFile != null
+ || v.openssh.authorizedKeys.keys != []
+ || v.openssh.authorizedKeys.keyFiles != []
+ );
+ userList = builtins.mapAttrs (n: v: 2) (lib.filterAttrs pred config.users.users);
+in {
+ options.vhack.rust-motd = {
+ enable = lib.mkEnableOption "rust-motd";
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.rust-motd = {
+ path = with pkgs; [
+ bash
+ fail2ban # Needed for rust-motd fail2ban integration
+ ];
+ };
+
+ programs.rust-motd = {
+ enable = true;
+ enableMotdInSSHD = true;
+ refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20)
+
+ # An example is here: https://raw.githubusercontent.com/rust-motd/rust-motd/refs/heads/main/example_config.toml
+ settings = {
+ global = {
+ progress_full_character = "=";
+ progress_empty_character = "-";
+ progress_prefix = "[";
+ progress_suffix = "]";
+ time_format = "%Y-%m-%d %H:%M:%S";
+ };
+
+ banner = {
+ color = "red";
+ command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant";
+ # if you don't want a dependency on figlet, you can generate your
+ # banner however you want, put it in a file, and then use something like:
+ # command = "cat banner.txt"
+ };
+
+ uptime = {
+ prefix = "Uptime:";
+ };
+
+ # ssl_certificates = {
+ # sort_method = "manual";
+ #
+ # certs = {
+ # "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem";
+ # "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem";
+ # };
+ # };
+
+ filesystems = {
+ root = "/";
+ persistent = "/srv";
+ store = "/nix";
+ boot = "/boot";
+ };
+
+ memory = {
+ swap_pos = "beside"; # or "below" or "none"
+ };
+
+ fail2_ban = {
+ jails = ["sshd"]; #, "anotherjail"]
+ };
+
+ last_login = userList;
+
+ last_run = {};
+ };
+ };
+ };
+}
diff --git a/system/services/default.nix b/system/services/default.nix
index b8b617e..fc3ccb3 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -11,7 +11,6 @@
 ./murmur
 ./nix
 ./restic
- ./rust-motd
 ./taskserver
 ];
 }
diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix
deleted file mode 100644
index 1a41b32..0000000
--- a/system/services/rust-motd/default.nix
+++ /dev/null
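Review bot: In modules/by-name/ru/rust-motd/module.nix the certificate block exists only as a comment (`# ssl_certificates = {` …), whereas the removed system/services/rust-motd/default.nix had it active as `s_s_l_certs`, so a commit titled as a refactor also drops the certificate section from the generated settings. If that is intended, record it above the block, e.g. `# Disabled on purpose: <reason>`; otherwise restore it. The new `lib.mkIf cfg.enable` gate is a second behaviour change: none of the three files in this commit sets `vhack.rust-motd.enable = true`, so hosts that got the service through `./rust-motd` in system/services/default.nix presumably lose the MOTD, including its fail2ban and last-login sections, unless the option is enabled elsewhere. `pred` also counts any non-null password field as "can login", which would include an account locked with a value such as `"!"`; the comment `# List all users that can login` would be more accurate as `# Users with any password or SSH key configured`.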
@@ -1,91 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- systemd.services.rust-motd = {
- path = builtins.attrValues {
- inherit
- (pkgs)
- bash
- fail2ban # Needed for rust-motd fail2ban integration
- ;
- };
- };
- programs.rust-motd = {
- enable = true;
- enableMotdInSSHD = true;
- refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20)
- settings = {
- global = {
- progress_full_character = "=";
- progress_empty_character = "-";
- progress_prefix = "[";
- progress_suffix = "]";
- time_format = "%Y-%m-%d %H:%M:%S";
- };
-
- banner = {
- color = "red";
- command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant";
- # if you don't want a dependency on figlet, you can generate your
- # banner however you want, put it in a file, and then use something like:
- # command = "cat banner.txt"
- };
-
- # [weather]
- # url = "https://wttr.in/New+York,New+York?0"
- # proxy = "http://proxy:8080"
-
- # [service_status]
- # Accounts = "accounts-daemon"
- # Cron = "cron"
-
- # [docker_status]
- # Local containers MUST start with a slash
- # https://github.com/moby/moby/issues/6705
- #"/nextcloud-nextcloud-1" = "Nextcloud"
- #"/nextcloud-nextcloud-mariadb-1" = "Nextcloud Database"
-
- uptime = {
- prefix = "Uptime:";
- };
-
- # [user_service_status]
- # gpg-agent = "gpg-agent"
-
- s_s_l_certs = {
- sort_method = "manual";
-
- certs = {
- "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem";
- "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem";
- };
- };
-
- filesystems = {
- root = "/";
- persistent = "/srv";
- store = "/nix";
- boot = "/boot";
- };
-
- memory = {
- swap_pos = "beside"; # or "below" or "none"
- };
-
- fail2_ban = {
- jails = ["sshd"]; #, "anotherjail"]
- };
-
- last_login = {
- sils = 2;
- soispha = 2;
- nightingale = 2;
- };
-
- last_run = {
- };
- };
- };
-} |