author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 17:11:40 +0100 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 17:14:35 +0100 |
commit | 706963c3547b42b98e6a92f62aa6c79fd09358ad (patch) | |
tree | e03eb19b210b401cd76604945a6d418f0374c9a0 /modules | |
parent | fix(modules/impermanence): Don't always persist `/var/log` and `/var/lib/nixos` (diff) | |
download | nixos-server-706963c3547b42b98e6a92f62aa6c79fd09358ad.zip |
refactor(system/services/rust-motd): Migrate to `by-name`
Diffstat (limited to 'modules')
-rw-r--r-- | modules/by-name/ru/rust-motd/module.nix | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/modules/by-name/ru/rust-motd/module.nix b/modules/by-name/ru/rust-motd/module.nix
new file mode 100644
index 0000000..a6998f4
--- /dev/null
+++ b/modules/by-name/ru/rust-motd/module.nix
@@ -0,0 +1,92 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.vhack.rust-motd;
+
+ # List all users that can login
+ pred = n: v: (
+ false # <- just here for neat formatting
+ || v.initialHashedPassword != null
+ || v.initialPassword != null
+ || v.hashedPassword != null
+ || v.hashedPasswordFile != null
+ || v.password != null
+ || v.passwordFile != null
+ || v.openssh.authorizedKeys.keys != []
+ || v.openssh.authorizedKeys.keyFiles != []
+ );
+ userList = builtins.mapAttrs (n: v: 2) (lib.filterAttrs pred config.users.users);
+in {
+ options.vhack.rust-motd = {
+ enable = lib.mkEnableOption "rust-motd";
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.rust-motd = {
+ path = with pkgs; [
+ bash
+ fail2ban # Needed for rust-motd fail2ban integration
+ ];
+ };
+
+ programs.rust-motd = {
+ enable = true;
+ enableMotdInSSHD = true;
+ refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20)
+
+ # An example is here: https://raw.githubusercontent.com/rust-motd/rust-motd/refs/heads/main/example_config.toml
+ settings = {
+ global = {
+ progress_full_character = "=";
+ progress_empty_character = "-";
+ progress_prefix = "[";
+ progress_suffix = "]";
+ time_format = "%Y-%m-%d %H:%M:%S";
+ };
+
+ banner = {
+ color = "red";
+ command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant";
+ # if you don't want a dependency on figlet, you can generate your
+ # banner however you want, put it in a file, and then use something like:
+ # command = "cat banner.txt"
+ };
+
+ uptime = {
+ prefix = "Uptime:";
+ };
+
+ # ssl_certificates = {
+ # sort_method = "manual";
+ #
+ # certs = {
+ # "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem";
+ # "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem";
+ # };
+ # };
+
+ filesystems = {
+ root = "/";
+ persistent = "/srv";
+ store = "/nix";
+ boot = "/boot";
+ };
+
+ memory = {
+ swap_pos = "beside"; # or "below" or "none"
+ };
+
+ fail2_ban = {
+ jails = ["sshd"]; #, "anotherjail"]
+ };
+
+ last_login = userList;
+
+ last_run = {};
+ };
+ };
+ };
+} |
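Review bot: The `pred` filter at the top of the new file treats any non-null password attribute as "can login", so an account whose hash is only a lock marker such as `!` or `*` still ends up in `userList`, and with `enableMotdInSSHD = true` its `last_login` entry is shown to every user who opens an SSH session. If only interactive accounts are meant, narrow the filter (for example by also requiring `v.isNormalUser || n == "root"`) or state the over-approximation in the comment, e.g. `# Over-approximates: locked hashes ("!", "*") also match`. The literal `2` in `builtins.mapAttrs (n: v: 2)` deserves a short comment as well; it is presumably the number of recent logins printed per user. Separately, `fail2_ban.jails = ["sshd"]` and the `fail2ban` entry in `path` are set unconditionally, and nothing in this file checks `config.services.fail2ban.enable`, so confirm it is enabled elsewhere or guard that section on it.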