diff --git a/systems/x86_64-linux/stargate/duckdns.nix b/systems/x86_64-linux/stargate/duckdns.nix
index f788857..e78e8dd 100644
--- a/systems/x86_64-linux/stargate/duckdns.nix
+++ b/systems/x86_64-linux/stargate/duckdns.nix
@@ -17,14 +17,20 @@ systemd.services."duckdns" = { script = let duckdns = pkgs.writeShellScriptBin "duckdns" '' - TOKEN=$(${pkgs.coreutils}/bin/cat ${config.sops.secrets."duckdns".path}) - REALV6=$(${pkgs.iproute2}/bin/ip -6 addr show dev enp3s0 scope global \ - | ${pkgs.gawk}/bin/awk '/inet6 2/{print $2}' \ - | ${pkgs.coreutils}/bin/cut -d/ -f1 \ - | ${pkgs.gnugrep}/bin/grep -E 'f9c4$' \ - | ${pkgs.coreutils}/bin/head -n1) - REALV4=$(${pkgs.curl}/bin/curl -s https://ifconfig.me --ipv4) - ${pkgs.coreutils}/bin/echo url="https://www.duckdns.org/update?domains=kylekrein&token=$TOKEN&ipv6=$REALV6&ip=$REALV4" | ${pkgs.curl}/bin/curl -k -K - + TOKEN=$(${pkgs.coreutils}/bin/cat ${config.sops.secrets."duckdns".path}) + REALV6=$(${pkgs.iproute2}/bin/ip -6 addr show dev enp3s0 scope global \ + | ${pkgs.gawk}/bin/awk '/inet6 2/{print $2}' \ + | ${pkgs.coreutils}/bin/cut -d/ -f1 \ + | ${pkgs.gnugrep}/bin/grep -E 'f9c4$' \ + | ${pkgs.coreutils}/bin/head -n1) + REALV4=$(${pkgs.curl}/bin/curl -s https://ifconfig.me --ipv4) + ${pkgs.coreutils}/bin/echo url="https://www.duckdns.org/update?domains=kylekrein&token=$TOKEN&ipv6=$REALV6&ip=$REALV4" | ${pkgs.curl}/bin/curl -k -K - + + ${pkgs.coreutils}/bin/mkdir -p /etc/fail2ban/jail.d + ${pkgs.coreutils}/bin/cat > /etc/fail2ban/jail.d/duckdns-ignore.local < has been banned: jail has banned from accessing $(hostname) after attempts of hacking the system." | /run/wrappers/bin/sendmail -i fail2ban@localhost.com + actionban = ${pkgs.coreutils}/bin/echo " has been banned: jail has banned from accessing $(hostname) after attempts of hacking the system." | /run/wrappers/bin/sendmail -i fail2ban@localhost.com ''); # Defines a filter that detects URL probing by reading the Nginx access log "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' diff --git a/systems/x86_64-linux/stargate/services/ntfy-sh.nix b/systems/x86_64-linux/stargate/services/ntfy-sh.nix index 5cbd260..b1678b4 100644 
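Review bot: The DuckDNS update line on the new side still ends in `curl -k -K -`, which disables TLS certificate verification on the one request that carries `$TOKEN`, so anyone on the network path can read the token. Drop `-k` so the line ends `| ${pkgs.curl}/bin/curl -K -`. The script now also writes `/etc/fail2ban/jail.d/duckdns-ignore.local` from a heredoc whose body is not visible on this page. If that body interpolates `$REALV4` or `$REALV6`, note that `curl -s https://ifconfig.me --ipv4` has no `-f`, so an error page or an empty string can land in the variable. Both values should be checked to be non-empty, well-formed addresses before they reach a fail2ban ignore list.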
--- a/systems/x86_64-linux/stargate/services/ntfy-sh.nix
+++ b/systems/x86_64-linux/stargate/services/ntfy-sh.nix
@@ -28,27 +28,4 @@ with lib.custom; {
 attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
 };
 };
-
- services.postfix = {
- enable = true;
- config = {
- myhostname = "stargate.local";
- mydestination = "localhost, localhost.com";
- relayhost = "";
- transport_maps = "hash:/etc/postfix.conf";
- };
- };
-
- environment.etc."postfix.conf".text = ''
- localhost.com smtp:[127.0.0.1]:1299
- '';
- systemd.services.postmap-transport = {
- description = "Generate postfix transport.db from transport";
- wantedBy = ["multi-user.target"];
- before = ["postfix.service"];
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.postfix}/bin/postmap /etc/postfix.conf";
- };
- };
 }
diff --git a/systems/x86_64-linux/stargate/services/postfix.nix b/systems/x86_64-linux/stargate/services/postfix.nix
new file mode 100644
index 0000000..7e87e7d
--- /dev/null
+++ b/systems/x86_64-linux/stargate/services/postfix.nix
@@ -0,0 +1,32 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: {
+ services.postfix = {
+ enable = true;
+ config = {
+ myhostname = "stargate.local";
+ mydestination = "localhost, localhost.com";
+
+ relay_domains = "notthebees.org";
+ transport_maps = "hash:/etc/postfix.conf";
+ inet_interfaces = "all";
+ };
+ };
+
+ environment.etc."postfix.conf".text = ''
+ localhost.com smtp:[127.0.0.1]:1299
+ notthebees.org smtp:[127.0.0.1]:2525
+ '';
+ systemd.services.postmap-transport = {
+ description = "Generate postfix transport.db from transport";
+ wantedBy = ["multi-user.target"];
+ before = ["postfix.service"];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.postfix}/bin/postmap /etc/postfix.conf";
+ };
+ };
+}
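Review bot: `inet_interfaces = "all"` together with `relay_domains = "notthebees.org"` turns this Postfix instance into an externally reachable SMTP listener, and nothing in the new file limits which recipients it accepts or documents that the exposure is intended. The transport map hands both `localhost.com` (the domain the fail2ban notifications are sent to) and `notthebees.org` to loopback services on ports 1299 and 2525, so any client that can reach port 25 can inject mail into those backends. Whether the firewall opens port 25 is not visible here. If only `notthebees.org` is meant to receive outside mail, consider a `relay_recipient_maps` table of valid addresses and accepting `localhost.com` from local clients only. A comment above `inet_interfaces` such as `# listens on all interfaces so that inbound mail for notthebees.org can be relayed to 127.0.0.1:2525` would record the intent.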