fiddeling around with fail2ban and unlock via ssh

components/network/fail2ban.nix

@@ -11,6 +11,7 @@ with lib;
       environment.systemPackages = [ pkgs.fail2ban pkgs.ipset ];
       services.fail2ban = {
         enable = true;
+        #package = pkgs.legacy_2311.fail2ban;
         jails = { };
       };
     })

components/network/sshd/default.nix

@@ -74,6 +74,7 @@ in
     (mkIf cfg.sshguard.enable {
       environment.systemPackages = [ pkgs.ipset ];
       services.sshguard.enable = lib.mkDefault true;
+      #boot.kernelModules = ["xt_set"];
     })
 
     (mkIf (cfg.onlyTincAccess && cfg.enable) {

components/nixos/tor-ssh.nix

@@ -64,7 +64,7 @@ with types;
       #};
 
       # tor setup
-      clan.core.facts.services.initrd_tor = factsGenerator.tor { name = "initrd"; };
+      clan.core.facts.services.initrd_tor = factsGenerator.tor { name = ""; };
 
       boot.initrd.secrets = {
         "/etc/tor/onion/bootup/tor.priv" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.priv".path;

flake.nix

@@ -462,8 +462,8 @@
               homeManagerModules
               stylixModules
               srvos.nixosModules.hardware-hetzner-online-intel
-              srvos.nixosModules.server
+              #srvos.nixosModules.server
-              srvos.nixosModules.mixins-terminfo
+              #srvos.nixosModules.mixins-terminfo
               {
                 # not needed for servers in general
                 boot.initrd.systemd.emergencyAccess = false;

machines/orbi/configuration.nix

@@ -53,6 +53,9 @@
   components.network.fail2ban.enable = true;
   components.network.sshd.sshguard.enable = false;
 
+  components.nixos.boot.enable = true;
+  components.nixos.boot.tor.enable = false;
+
   components.monitor.enable = true;
   networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
   networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];