parent
4278db3000
commit
349fead960
3 changed files with 0 additions and 90 deletions
|
@ -2,7 +2,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
./modules/custom
|
./modules/custom
|
||||||
./modules/uptimed.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|
|
@ -1,61 +0,0 @@
|
||||||
{ pkgs, ... }: {
|
|
||||||
services.uptimed.enable = true;
|
|
||||||
environment.etc."uptimed.conf".text = ''
|
|
||||||
# Uptimed configuration file.
|
|
||||||
|
|
||||||
# Interval to write the logfile with in seconds.
|
|
||||||
UPDATE_INTERVAL=60
|
|
||||||
|
|
||||||
# Maximum number of entries in logfile. Set to 0 for unlimited.
|
|
||||||
LOG_MAXIMUM_ENTRIES=50
|
|
||||||
|
|
||||||
# Minimum uptime that must be reached for it to be considered a record.
|
|
||||||
LOG_MINIMUM_UPTIME=1h
|
|
||||||
|
|
||||||
# Minimum uptime before sending out e-mail.
|
|
||||||
MAIL_MINIMUM_UPTIME=1d
|
|
||||||
|
|
||||||
# Minimum position before sending out e-mail.
|
|
||||||
MAIL_MINIMUM_POSITION=10
|
|
||||||
|
|
||||||
# Email address to mail milestones/records to.
|
|
||||||
# Assumes sendmail compatible MTA installed as /usr/lib/sendmail.
|
|
||||||
# You can enable this below or with the -e option on the commandline.
|
|
||||||
EMAIL=root@localhost
|
|
||||||
|
|
||||||
# Send email? (0 = no way, 1 = yes please!, 2 = only for milestones,
|
|
||||||
# 3 = only for records)
|
|
||||||
SEND_EMAIL=0
|
|
||||||
|
|
||||||
# We need a sendmail compatible mailer, though.
|
|
||||||
SENDMAIL=${pkgs.msmtp}/bin/msmtp -t
|
|
||||||
|
|
||||||
# Where to note our PID
|
|
||||||
PIDFILE=/var/run/uptimed
|
|
||||||
|
|
||||||
# Milestones are configurable now.
|
|
||||||
# Syntax is pretty easy: MILESTONE=time:description
|
|
||||||
# Default time is in seconds, but it can be postfixed with "d", "w" or "y"
|
|
||||||
# for days/weeks/years.
|
|
||||||
# Keep in mind that the description needs to fit in the window.
|
|
||||||
MILESTONE=5d:five days
|
|
||||||
MILESTONE=10d:ten days
|
|
||||||
MILESTONE=25d:twenty-five days
|
|
||||||
MILESTONE=50d:fifty days
|
|
||||||
MILESTONE=10w:ten weeks
|
|
||||||
MILESTONE=75d:seventy-five days
|
|
||||||
MILESTONE=100d:hundred days
|
|
||||||
MILESTONE=150d:hundred and fifty days
|
|
||||||
MILESTONE=25w:twenty-five weeks
|
|
||||||
MILESTONE=200d:two hundred days
|
|
||||||
MILESTONE=250d:250 days
|
|
||||||
MILESTONE=300d:three hundred days
|
|
||||||
MILESTONE=50w:fifty weeks
|
|
||||||
MILESTONE=1y:one year
|
|
||||||
MILESTONE=400d:four hundred days
|
|
||||||
MILESTONE=500d:five hundred days
|
|
||||||
MILESTONE=100w:hundred weeks
|
|
||||||
MILESTONE=750d:750 days
|
|
||||||
MILESTONE=1000d:thousand days
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
table inet nixos-fw {
|
|
||||||
chain rpfilter {
|
|
||||||
type filter hook prerouting priority mangle + 10; policy drop;
|
|
||||||
meta nfproto ipv4 udp sport . udp dport { 68 . 67, 67 . 68 } accept comment "DHCPv4 client/server"
|
|
||||||
fib saddr . mark . iif oif exists accept
|
|
||||||
}
|
|
||||||
|
|
||||||
chain input {
|
|
||||||
type filter hook input priority filter; policy drop;
|
|
||||||
iifname "lo" accept comment "trusted interfaces"
|
|
||||||
ct state vmap { invalid : drop, established : accept, related : accept, new : jump input-allow, untracked : jump input-allow }
|
|
||||||
tcp flags syn / fin,syn,rst,ack log prefix "refused connection: " level info
|
|
||||||
}
|
|
||||||
|
|
||||||
chain input-allow {
|
|
||||||
tcp dport 22 accept
|
|
||||||
tcp dport 5432 accept comment "PostgreSQL server"
|
|
||||||
tcp dport 6443 accept comment "k3s"
|
|
||||||
icmp type echo-request accept comment "allow ping"
|
|
||||||
icmpv6 type != { nd-redirect, 139 } accept comment "Accept all ICMPv6 messages except redirects and node information queries (type 139). See RFC 4890, section 4.4."
|
|
||||||
ip6 daddr fe80::/64 udp dport 546 accept comment "DHCPv6 client"
|
|
||||||
}
|
|
||||||
|
|
||||||
chain forward-allow {
|
|
||||||
type filter hook forward priority filter; policy drop;
|
|
||||||
ip daddr 192.168.30.0/24 accept
|
|
||||||
}
|
|
||||||
}
|
|