From 5a0cb28f369c104bb371974df876c8c705b0ee7e Mon Sep 17 00:00:00 2001 From: ene Date: Sat, 18 Mar 2023 16:21:45 +0100 Subject: Refactor: Use better file layout --- system/services/rust-motd/default.nix | 79 +++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 system/services/rust-motd/default.nix (limited to 'system/services/rust-motd/default.nix') diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix new file mode 100644 index 0000000..21bc1cd --- /dev/null +++ b/system/services/rust-motd/default.nix @@ -0,0 +1,79 @@ +{ + config, + pkgs, + ... +}: { + programs.rust-motd = { + enable = true; + enableMotdInSSHD = true; + refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20) + settings = { + global = { + progress_full_character = "="; + progress_empty_character = "-"; + progress_prefix = "["; + progress_suffix = "]"; + time_format = "%Y-%m-%d %H:%M:%S"; + }; + + banner = { + color = "red"; + command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant"; + # if you don't want a dependency on figlet, you can generate your + # banner however you want, put it in a file, and then use something like: + # command = "cat banner.txt" + }; + + # [weather] + # url = "https://wttr.in/New+York,New+York?0" + # proxy = "http://proxy:8080" + + # [service_status] + # Accounts = "accounts-daemon" + # Cron = "cron" + + # [docker_status] + # Local containers MUST start with a slash + # https://github.com/moby/moby/issues/6705 + #"/nextcloud-nextcloud-1" = "Nextcloud" + #"/nextcloud-nextcloud-mariadb-1" = "Nextcloud Database" + + uptime = { + prefix = "Uptime:"; + }; + + # [user_service_status] + # gpg-agent = "gpg-agent" + + #s_s_l_certs = { + # sort_method = "manual" + # + # certs = { + # CertName1 = "/path/to/cert1.pem" + # CertName2 = "/path/to/cert2.pem" + # } + #}; + + filesystems = { + root = "/"; + }; + + memory = { + swap_pos = "beside"; # or "below" or "none" + }; + + fail2_ban = { + jails = ["sshd"]; #, "anotherjail"] + }; + + last_login = { + sils = 2; + soispha = 2; + nightingale = 2; + }; + + last_run = { + }; + }; + }; +} -- cgit 1.4.1 From 64a554d1af2de6d07ebe61be1f5a3181a5f90b81 Mon Sep 17 00:00:00 2001 From: ene Date: Sat, 25 Mar 2023 14:32:23 +0100 Subject: Fix(system/services/rust-motd): Add fail2ban binary --- system/services/rust-motd/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'system/services/rust-motd/default.nix') diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix index 21bc1cd..4f65dce 100644 --- a/system/services/rust-motd/default.nix +++ b/system/services/rust-motd/default.nix @@ -3,6 +3,15 @@ pkgs, ... }: { + systemd.services.rust-motd = { + path = builtins.attrValues { + inherit + (pkgs) + bash + fail2ban # Needed for rust-motd fail2ban integration + ; + }; + }; programs.rust-motd = { enable = true; enableMotdInSSHD = true; -- cgit 1.4.1 From 4758e5881daa1aa762c6e6e9734faea618dea70c Mon Sep 17 00:00:00 2001 From: ene Date: Sat, 25 Mar 2023 14:32:56 +0100 Subject: Feat(system/services/rust-motd): Show status of ssl-certs --- system/services/rust-motd/default.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'system/services/rust-motd/default.nix') diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix index 4f65dce..100fcb4 100644 --- a/system/services/rust-motd/default.nix +++ b/system/services/rust-motd/default.nix @@ -54,14 +54,14 @@ # [user_service_status] # gpg-agent = "gpg-agent" - #s_s_l_certs = { - # sort_method = "manual" - # - # certs = { - # CertName1 = "/path/to/cert1.pem" - # CertName2 = "/path/to/cert2.pem" - # } - #}; + s_s_l_certs = { + sort_method = "manual"; + + certs = { + server1.vhack.eu = "/var/lib/acme/server1.vhack.eu/cert.pem"; + vhack.eu = "/var/lib/acme/vhack.eu/cert.pem"; + }; + }; filesystems = { root = "/"; -- cgit 1.4.1 From f84a9f6a80657d9c9f072a9338d46f7d8c2b79f5 Mon Sep 17 00:00:00 2001 From: ene Date: Sat, 25 Mar 2023 14:33:48 +0100 Subject: Feat(system/services/rust-motd): Info about filesystems --- system/services/rust-motd/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'system/services/rust-motd/default.nix') diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix index 100fcb4..f21c0c4 100644 --- a/system/services/rust-motd/default.nix +++ b/system/services/rust-motd/default.nix @@ -65,6 +65,9 @@ filesystems = { root = "/"; + persistent = "/srv"; + store = "/nix"; + boot = "/boot"; }; memory = { -- cgit 1.4.1 From f21504ae85559a2b5a6381afeda451e1eb310f9d Mon Sep 17 00:00:00 2001 From: ene Date: Sat, 25 Mar 2023 14:40:30 +0100 Subject: Fix(system/services/rust-motd): Quote ssl-cert names --- system/services/rust-motd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/services/rust-motd/default.nix') diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix index f21c0c4..1a41b32 100644 --- a/system/services/rust-motd/default.nix +++ b/system/services/rust-motd/default.nix @@ -58,8 +58,8 @@ sort_method = "manual"; certs = { - server1.vhack.eu = "/var/lib/acme/server1.vhack.eu/cert.pem"; - vhack.eu = "/var/lib/acme/vhack.eu/cert.pem"; + "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem"; + "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem"; }; }; -- cgit 1.4.1