dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: vps fail2ban + shared server-debug-tools module 🛡️

Browse source 
VPS public SSH: enable fail2ban with bantime-increment so brute-force
probers get evicted with exponential backoff (1h → 4h → 16h → 2.7d →
10.7d, capped at 30d). Default jail covers sshd; maxretry=5 in 10m.

server-debug-tools: htop, tcpdump, dnsutils, jq, curl. Imported by
sunken-ship + phantom-ship via flake.nixosModules.server-debug-tools.
These are the practical bits we'd otherwise pick up by enabling
clan.core.enableRecommendedDefaults — but the full clan defaults flip
systemd-networkd/resolved on, which broke dnsmasq + navidrome's resolv
.conf bind-mount on the homelab servers, so we cherry-pick instead.
This commit is contained in:
DannyDannyDanny 2026-04-25 13:51:19 +02:00
parent b8bc17f385
commit 771cc58076
4 changed files with 35 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
flake-modules/clan.nix
View file

@ -126,6 +126,7 @@ in {
clanHostsModule
../nixos/hosts/sunken-ship.nix
config.flake.nixosModules.dotfiles-rebuild
config.flake.nixosModules.server-debug-tools
inputs.home-manager.nixosModules.home-manager
(hmModule {
user = "danny";
@ -165,6 +166,7 @@ in {
inputs.nix-openclaw.nixosModules.openclaw-gateway
../nixos/hosts/phantom-ship.nix
config.flake.nixosModules.dotfiles-rebuild
config.flake.nixosModules.server-debug-tools
inputs.home-manager.nixosModules.home-manager
(hmModule {
user = "danny";