VPS public SSH: enable fail2ban with bantime-increment so brute-force probers get evicted with exponential backoff (1h → 4h → 16h → 2.7d → 10.7d, capped at 30d). Default jail covers sshd; maxretry=5 in 10m.

server-debug-tools: htop, tcpdump, dnsutils, jq, curl. Imported by sunken-ship + phantom-ship via flake.nixosModules.server-debug-tools.

These are the practical bits we'd otherwise pick up by enabling clan.core.enableRecommendedDefaults — but the full clan defaults flip systemd-networkd/resolved on, which broke dnsmasq + navidrome's resolv.conf bind-mount on the homelab servers, so we cherry-pick instead.
8 lines
327 B
Nix
# Expose reusable NixOS modules via `flake.nixosModules`.
#
# Consume from a host's flake-module via:
#   modules = [ config.flake.nixosModules.dotfiles-rebuild ];
{ ... }: {
  flake.nixosModules.dotfiles-rebuild = ../modules/dotfiles-rebuild.nix;
  flake.nixosModules.server-debug-tools = ../modules/server-debug-tools.nix;
}
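The fail2ban policy described in the commit message, written as a NixOS module. This is an added example, not the repository's own code: the multiplier list is an assumption chosen to reproduce the stated ban schedule, and the `ignoreIP` entry is a placeholder documentation address.

```nix
# Added example; not taken from the repository.
{ ... }: {
  services.fail2ban = {
    enable = true;   # the NixOS module enables an sshd jail by default
    maxretry = 5;    # failures tolerated inside findtime
    bantime = "1h";  # length of a first ban

    # findtime is left at fail2ban's stock value of 10m, which gives
    # the "5 in 10m" threshold from the commit message.

    # Placeholder: list a management address here so an operator's own
    # typos cannot escalate into a 30-day lockout.
    ignoreIP = [ "192.0.2.10" ];

    bantime-increment = {
      enable = true;
      # Assumed multipliers: repeat offenders get bantime x 4, x 16,
      # x 64 (2.7d), x 256 (10.7d); the last step is clamped by maxtime.
      multipliers = "1 4 16 64 256 1024";
      maxtime = "30d";
    };
  };
}
```

After a rebuild, `fail2ban-client status sshd` shows the jail and its currently banned addresses.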