features/network/fail2ban.nix

@@ -16,6 +16,7 @@ with lib;
       environment.systemPackages = [ pkgs.fail2ban ];
       services.fail2ban = {
         enable = true;
+        #package = pkgs.legacy_2311.fail2ban;
         jails = { };
       };
     })

flake.lock

@@ -81,16 +81,15 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1730374010,
+        "lastModified": 1732311754,
-        "narHash": "sha256-nEw0d7gbH5vFdr+ps5zlRywzaQ6zjbHFoQLjYyHhIeg=",
+        "narHash": "sha256-iwOnUIYlBPdWNoBa01v5khGsFtsogQuAviG8n7kPORA=",
         "ref": "refs/heads/main",
-        "rev": "1bd3af310ea074d0ea9de6233376476c6ca9149a",
+        "rev": "0261d5905303090b0300042a06ae417953958e7a",
-        "revCount": 4535,
+        "revCount": 4841,
         "type": "git",
         "url": "https://git.clan.lol/clan/clan-core"
       },
       "original": {
-        "rev": "1bd3af310ea074d0ea9de6233376476c6ca9149a",
         "type": "git",
         "url": "https://git.clan.lol/clan/clan-core"
       }
@@ -146,11 +145,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730045523,
+        "lastModified": 1731746438,
-        "narHash": "sha256-W5Avk1THhZALXITHGazKfZbIZ5+Bc4nSYvAYHUn96EU=",
+        "narHash": "sha256-f3SSp1axoOk0NAI7oFdRzbxG2XPBSIXC+/DaAXnvS1A=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "89e458a3bb3693e769bfb2b2447c3fe72092d498",
+        "rev": "cb64993826fa7a477490be6ccb38ba1fa1e18fa8",
         "type": "github"
       },
       "original": {
@@ -633,11 +632,11 @@
     },
     "nixos-facter-modules": {
       "locked": {
-        "lastModified": 1730026316,
+        "lastModified": 1731843871,
-        "narHash": "sha256-AzP+trH/ykBJGTx3twkpuwbkhFSmsY1PJDQtRmK4k4c=",
+        "narHash": "sha256-aIy8m4jjr/BFXzniNzoH16sF7HEFV/01/5b3FhtUHrw=",
         "owner": "numtide",
         "repo": "nixos-facter-modules",
-        "rev": "15b6531d44aa6f0bbd2fd8309cd2a6d7f183ba32",
+        "rev": "5a1c2a28589e34f8a44d46dd1909cfacf928cb1a",
         "type": "github"
       },
       "original": {
@@ -1109,17 +1108,14 @@
         "nixpkgs": [
           "clan-core",
           "nixpkgs"
-        ],
-        "nixpkgs-stable": [
-          "clan-core"
         ]
       },
       "locked": {
-        "lastModified": 1729999681,
+        "lastModified": 1731862312,
-        "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
+        "narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
+        "rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978",
         "type": "github"
       },
       "original": {
@@ -1365,11 +1361,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729242555,
+        "lastModified": 1730321837,
-        "narHash": "sha256-6jWSWxv2crIXmYSEb3LEVsFkCkyVHNllk61X4uhqfCs=",
+        "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "d986489c1c757f6921a48c1439f19bfb9b8ecab5",
+        "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
         "type": "github"
       },
       "original": {

flake.nix

@@ -5,7 +5,7 @@
 
     clan-core.inputs.flake-parts.follows = "flake-parts";
     clan-core.inputs.nixpkgs.follows = "nixpkgs";
-    clan-core.url = "git+https://git.clan.lol/clan/clan-core?rev=1bd3af310ea074d0ea9de6233376476c6ca9149a"; # last time clan was using facts instead of vars
+    clan-core.url = "git+https://git.clan.lol/clan/clan-core";
     clan-fact-generators.inputs.clan-core.follows = "clan-core";
     clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";

machines/chungus/configuration.nix

@@ -47,8 +47,6 @@
     ./service-atuin.nix
     ./service-forgejo.nix
     ./service-paperless.nix
-    ./service-paperless-backup.nix
-    ./service-paperless-healthchecks.nix
     ./service-s3.nix
     #./service-taskwarrior.nix
     ./service-vault.nix

machines/chungus/service-paperless-backup.nix

@@ -1,40 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  factsGenerator,
-  ...
-}:
-{
-
-  clan.core.facts.services."paperless-ngx.borg" = factsGenerator.password { name = "borgbackup"; };
-  clan.core.facts.services."paperless-ngx.ssh" = factsGenerator.ssh { name = "paperless-ngx"; };
-
-  # backup
-  services.borgbackup.jobs."paperless-ngx" = {
-    paths = [ config.services.paperless.dataDir ];
-    repo = "root@orbi.bear:borg-${config.networking.hostName}-paperless";
-    compression = "auto,lzma";
-    startAt = "daily";
-    encryption = {
-      mode = "keyfile-blake2";
-      passCommand = "cat ${
-        toString config.clan.core.facts.services."paperless-ngx.borg".secret."password.borgbackup".path
-      }";
-    };
-    environment = {
-      BORG_RSH = "ssh -i ${
-        toString
-          config.clan.core.facts.services."paperless-ngx.ssh".secret."ssh.paperless-ngx.id_ed25519".path
-      }";
-      BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
-    };
-    prune.keep = {
-      within = "3d"; # Keep all backups in the last 10 days.
-      weekly = 2; # Keep 8 additional end of week archives.
-      monthly = -1; # Keep end of month archive for every month
-    };
-    doInit = true;
-  };
-
-}

machines/chungus/service-paperless-healthchecks.nix

@@ -1,16 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  factsGenerator,
-  ...
-}:
-{
-
-  healthchecks.http.paperless = {
-    url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
-    expectedContent = "paperless.chungus.private";
-  };
-  healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];
-
-}

machines/chungus/service-paperless.nix

@@ -2,6 +2,8 @@
   config,
   pkgs,
   lib,
+  nixos-artwork,
+  factsGenerator,
   ...
 }:
 {
@@ -34,6 +36,11 @@
   };
 
   networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
+  healthchecks.http.paperless = {
+    url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
+    expectedContent = "paperless.chungus.private";
+  };
+  healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];
 
   services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
     serverAliases = [ "paperless.ingolf-wagner.de" ];
@@ -51,4 +58,34 @@
     };
   };
 
+  clan.core.facts.services."paperless-ngx.borg" = factsGenerator.password { name = "borgbackup"; };
+  clan.core.facts.services."paperless-ngx.ssh" = factsGenerator.ssh { name = "paperless-ngx"; };
+
+  # backup
+  services.borgbackup.jobs."paperless-ngx" = {
+    paths = [ config.services.paperless.dataDir ];
+    repo = "root@orbi.bear:borg-${config.networking.hostName}-paperless";
+    compression = "auto,lzma";
+    startAt = "daily";
+    encryption = {
+      mode = "keyfile-blake2";
+      passCommand = "cat ${
+        toString config.clan.core.facts.services."paperless-ngx.borg".secret."password.borgbackup".path
+      }";
+    };
+    environment = {
+      BORG_RSH = "ssh -i ${
+        toString
+          config.clan.core.facts.services."paperless-ngx.ssh".secret."ssh.paperless-ngx.id_ed25519".path
+      }";
+      BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
+    };
+    prune.keep = {
+      within = "3d"; # Keep all backups in the last 10 days.
+      weekly = 2; # Keep 8 additional end of week archives.
+      monthly = -1; # Keep end of month archive for every month
+    };
+    doInit = true;
+  };
+
 }