myputer specific changes

homes/modules/server/fail2ban.nix

@@ -0,0 +1,17 @@
+{...}: {
+  # simple fail2ban config (not production ready or anything though)
+  # refer to: https://nixos.wiki/wiki/Fail2Ban
+  services.fail2ban = {
+    enable = true;
+
+    maxretry = 5;
+    bantime = "10m"; # 10 minute ban
+    bantime-increment = {
+      enable = true;
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # dont ban for more than 1 week
+      overalljails = true;
+    };
+  };
+}

homes/modules/server/nginx.nix

@@ -0,0 +1,35 @@
+{...}: {
+  services = {
+    # use nginx as the reverse proxy
+    # (also will use certbot and Let's Encrypt)
+    # refer to: https://nixos.wiki/wiki/Nginx
+    nginx = {
+      enable = true;
+
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+
+      # https://imbored.dev
+      virtualHosts = {
+        "imbored.dev" = {
+          forceSSL = true;
+          enableACME = true;
+          # config reverse proxy paths
+          locations = {
+            "/" = {
+              # TODO
+              proxyPass = "http://127.0.0.1:12345";
+            };
+          };
+        };
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "eclarkboman@gmail.com";
+  };
+}

homes/modules/server/ssh.nix

@@ -0,0 +1,13 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    ports = [22];
+    settings = {
+      PasswordAuthentication = true;
+      PermitRootLogin = "no";
+      AllowUsers = null; # allow all users by default
+      UseDns = true;
+      X11Forwarding = false;
+    };
+  };
+}