From 7c8cd6121b9c1839f524b7969a40e5413b4f7b8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Gir=C3=A3o?= <git@rafael.ovh>
Date: Mon, 8 Jul 2024 09:38:13 +0100
Subject: [PATCH] small improvements

---
 hosts/spy/machine.nix    |   4 ++--
 modules/core/default.nix |   2 +-
 modules/sshguard.nix     |   2 ++
 secrets/SSH-config.age   | Bin 2046 -> 2108 bytes
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/hosts/spy/machine.nix b/hosts/spy/machine.nix
index 67d1ceb..1e2b440 100644
--- a/hosts/spy/machine.nix
+++ b/hosts/spy/machine.nix
@@ -55,7 +55,7 @@ in
 
   rg = {
     ip = "192.168.10.6";
-    ipv4 = "192.168.1.80";
+    ipv4 = "192.168.1.50";
     machineId = "42ef768cc806409b923c6044269f9902";
     machineType = "intel";
     class = "server";
@@ -184,7 +184,7 @@ in
       useACMEHost = "rafael.ovh";
       extraConfig = ''
         encode zstd gzip
-        reverse_proxy http://192.168.1.1:80
+        reverse_proxy http://192.168.1.254:80
       '';
     };
     "cloud.${fqdn}" = {
diff --git a/modules/core/default.nix b/modules/core/default.nix
index 17d9275..3c42015 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -90,7 +90,6 @@ in
   networking = {
     inherit (config.rg) domain;
     usePredictableInterfaceNames = false;
-    interfaces.eth0.useDHCP = lib.mkDefault true;
     firewall = {
       enable = true;
       allowedTCPPorts = [
@@ -119,6 +118,7 @@ in
   environment.pathsToLink = [ "/libexec" ];
 
   users.mutableUsers = false;
+  users.defaultUserShell = pkgs.fish;
 
   users.users.rg = {
     uid = 1000;
diff --git a/modules/sshguard.nix b/modules/sshguard.nix
index b735348..d76ecf4 100644
--- a/modules/sshguard.nix
+++ b/modules/sshguard.nix
@@ -2,5 +2,7 @@ _: {
   services.sshguard = {
     enable = true;
     whitelist = [ "192.168.10.0/24" ];
+    blacklist_file = "/pst/var/lib/sshguard/blacklist.db";
+
   };
 }
diff --git a/secrets/SSH-config.age b/secrets/SSH-config.age
index bf8215791eb0ae12bc7e4d34af969539eac81867..950b36bb2b2c7dfaa6c98e97e888e4f19a2ca77e 100644
GIT binary patch
delta 2048
zcmV+b2><u~54;eNEPrESc|v+}bxLz)L26G_aW->jM`A~HQFv=BR846zLp67LPi9AU
zY+-LgRSI-fI8ib=RBmxEPfa&OaaC|?Z*5RyO-wOHMPxNiR5WR4S#2w5FK%j5YYHts
zAaiqQEoEdfH8n9gAT>oaM|fu-c`#F0YhrkAd2}yiHf}|5ct$~2Fh^8*Z%Qj{Q+7!<
zHZVm_Pjxm;PfdDn3Pf&aXjoKdW<@h?a#UzELt;lyOGs=?Q)*ddVo_5$VlY!pLsm9M
zSZZ=-k?|K-MNCdOa%x03MQ3p`M@dUVb!}H_Yc(}dGj>BXI7M$^R##DZctkR6R6;Zg
zZg)>{K}&Hmc|vAKVN*#~FHTK&Y-wR?Y(_+AZB#-*XI4*7Rdi=JZDm1|UjY|?Id)S)
zVOe-edMi~cH+Mp0Y%oK3M@dydF?nQ9Vo`HxH$!G|H)=9iWmRViaW6DwHcCuHL`-l*
zGeuD~GGSO&N@;U9I7u{TYiD^@HEv3CP%mY1W=BB^Ej}P{X?87eGBq|JI7nn!SV15`
zI8HfeT54A?L~CPLWmai#N>X%xT31Ogc0y@cRzYcaVRcz%S8s4(SXWX~3N(03Idm^G
zXgEx8L2Gqpc}8_tX);!4WJ)!1M{a2=Ms;OQNMvm_S5Rz83N0-yAX!RKG%{8-WI1&;
zH8x5ya&J;WST<u(YC>f}LQ+g)S8HudY;16CG;=mM3YCfQJ<420PByiFzSvjAw>z`b
z>!IqX!6XFK5?6pOom4e~?JjSj8&E1B;Dt~D3_k_P{d4-q#C4tei^=U<69P25p@Keu
z-h_Xx1grA&?fT|4VntLXs{cCUNa#+E^qAn;1DT0F_r=T8Le*4O-aATy_kOd<{eAtn
zwe8>#c*%R;04k>9GGe)Z=!9-cM3jJt))scvN$l>Wq4@^rQv#6j=|nZj5#~alv=uWH
zp3OEVA;BIyu@g+>!jweSX|(xKbcy?AfbxxfHdB*_4eV}Xdgrd$jy5a+eSPN_b7`IV
zkKdFBH*WqmB3H6Xb7_KNY|0!PNIG@#EjASpWNnpG8ma;@P5@<psPdvR6-^=d@9g&H
zvAq{#@}j_B8u2c74BClZ@9=jc1z+2%7ID4{tO2Wn1Xh%*)OZM@5sGc*8Fys#0RjFG
z5b??^b~LjZxw#hK?9@|YOXLqlz?y^$QO<c=ym%=wZKQy?&z9&0pm5fm)Kj>DUlGFj
zEs#_hz9RBX^5^A$1X>j)Vo$O|-37QdeSrV|%efrZwsevn6u}g=zSH}6nqah&XT%yX
zzFjuM;rg*Ax!zKMS0<_Dbi1`sr5D%3j%ujLziK$S^YW;P#hnmbq3edoC||#haRPB|
z4r~T?s2{n%-DZ{9j7psq?*4Y3!|1w;v1R%11wHcv3xD;0t(Q|Cyo+3by_@Xl7TLEd
z^1fWOe4(3~9U4+t+@%g5%4+DeJaP{>3<8G^m%}3zJZJ);nIm<$7;2@7$lRK{fK!|L
zwi_TP7r0r0CyP@?Rz>KAh)Vt|0UI7g%C0f8K82W;R~<yg*8W5+>++F16m2SDl%PX*
z!PxrE;Yb{R1x9=xpORW3Y_AWGGq+VCx}iCfkCE^<abZYd@e{O5tW84NV+<n9%WDxd
z>%(7GvQN=pBGW!ITu?`csdU3qamJ)G_~9W9xK6T@6Uq1PZ~R9|pwf=(l5JJ(W9#q6
zIPP)Hou2`$mh*q0?6>N(HeiTEawr(VxhUnr%aZPY%pzc|&VjBM%v<*+mMx>5&$b%z
znk9?{WF!TVZ~UvMo+N;#@ojwc!dvVa*O*0+bBXo=wYG;F9qQ9rOdtE=_caQbeU_CJ
z6*YQ%-jV(FIiKYdeGIR11X~*JY@I*0b&C47x~<$Kd|dO7YCPE(CN1jh;J<d<$5Xmy
z^}=9(LxM(?3#igjT_`Y2IvGxuN&%sNBD<|<X$7)bPCKG^YoH1!3K5^yu&f>PEw2yS
z?n|EaC(Qq@WD7cs=N9P)6!)>}yrAYE64*0^m;vUd&#aAu0)-umqbz`;u9aLv4T?!z
zYv|x9Ma60MN|+GA4!7DOpSujuL=-8AwkTeIOyIG)6sELjF!H;{)FlKf^wg;z>gD8O
zplVES5gu#_y_f5aHi5$oW$#nJWMe_e6miSe3dS%INEVAiScyELeo&^VNn`kYv{b9m
z?kkn4mx-iJ@YPZQx`z+UP+h_5pO?lp&C4K|)L&rb3YndL21=QhEeBy;Q$gA~Qq})|
zq6HV;??9kLHzb^<54%X=m=9H;>;c~$aI+R;T0A5BKqWOV+k-3WVHrX-RDhWld30Q<
zSsp&mcgfSYJ!na2^x>wCrTWE>qBD$?dAc9^6%GrbEPkO*Lw};Ob&M;pn_Ld!cr4%j
z#9FzdB=(v$!3f4ekk2|Lbqg;|%&c#JXp$5d%m!Z`oBY-8TXwKjvWqtUwv}P+atkT#
z0lgHm04GLsFnEK4@a(*mFYJ7cXxKeOX1lD$i%sGK4aiFms!Vcz>O%wNRo~%3r(^Lb
ztrfSgFf@WWZ7Wb;#=E^q{pf?aA(v}0Kx$GL^LxDZX+JV!#14n;6}{>wvS8{{Uc`Cd
z1y-#?^?MR98jw#u$W_Hgesb4ku9hehlQGPp%#yy;p4jqq#74675WfO#+d#i=Tl%$~
e3QBaM0Jh~J3u!YKnH09h*E^!~1Ao0%kgvA4+n+T6

delta 1986
zcmV;z2R-<_5dII4EPr8laY;04VooqNM0H4UW;AR`PjfX!ZDmVLD|c~bHfd)?Z8tP#
zNKs>Wa|&52dRkFKK}su2SVmM)VQWWDFnMQ0cq=eyK}2UqXJR%&LRvOTLuX7zK?*HC
zAaiqQEoEdfH8n9gAT>oaM|fu-Qe;O@VNqB`cx-e=S4S~rVMcH<ab;{xFl%u&b5(jP
zPGL!9O=fXQO>S#A3VAhXNl#=nZZU0RQBp#4QBGz}WOHgpG*(r1N@+$;dSg^LI7?$s
zc4lKmk?|K-GBQF`FiKBLQAT<+ZEj*pVlQY~MKV%lVN5YgOJaIBVRdw6WO74vOlM;X
zNoXr%MNU*>R%um6bv03KD>gPyS#LE^K}2^rcQ846VpK9&dSzjES7URNUjY|?G-Oy%
zQZh7WSZ7c+H(7Z$WmivEHf2?Ab4yfOXJJ%RL^&&Ab80zIQASk?Nq9|JGiP>XQ886;
zayc_AWn)xUW@JKmOEGUSQZjC3Oldf7cuGuSSZYlQEj}P{X?87eGBq|JI7nn!SV15`
zcw=;TS~PS)QEEXkM`~y?YHU+~Rx?_9QdenMYC&yPT1G2%W>_z4Hcw|v3S%#5N^N3t
zFK2o|VoGy)XL)Q%ZaG(SLs?W=O-pBPZEs0dHaKcYYfLyr3N0-yAaZ6oQhHWyHcC!$
zdNOH5cS=q(WN1uSXmU|gS}`_KRyk`=HcB{HSW9>`3ei(x*SK#YIed<P0U5S(0cGE^
zkP3|Y0ND@d=y9jcTRuMSrAMhMgrrI+m}PpWzV6I<V>Q#tl1Vx=Z^{lQ&Y%)y@X9qU
zeKRD+l|=3R+w!SE+ez`Vw|=@ZonJ&&y?*n|S(|uH94aGFJWle-Y0Ardre}_vY$dlH
z$v-M5EWl`JZ_*!&xiM0IpHZ$dVlH9r>PvdUT)P&kU@dDxAmBI_$wgImsE=)OS}@Ot
zH2t^pD^&a=?jE@Po##m%IH2gB)`A>J?tdr{sMAkOn74%jTmBzaSlY_rz#9}O%`u1}
zYowNNhRrbOjBUrcU1^<}bT46f-X(DWRIz>P4LEneokgm}I+bdF7Guot00AY;m6+;l
zTt}4%u#$FMsS~rNM>JUPOpK+NyrSJ<3^AfnEvO7@tMRg@+l0~?O`0F@cLxto+NDur
zA8aB`PRDT|nT!F-i0`h0K(rsGEHY0*?e?i33#(#~xkBykVc0&=j3;wxr|#Q6{RGff
zFtWc?fU37>qIo@kaVOI}qSE@mT3kxmTlRDk_#T)+O8-q%&jN3MxQzxxO~cG=n+Q-Z
zw{RPHZbX<dyz4J3@eo6Xwr)X;F!Z2;kMX|!|1~No@|Dv5(=_*Y31ee9P7)3YUonnj
z#DWHQ9DuL)kSK){g7~BB4>w=k?#y=y5kw%dL45B>S&XND!Rpb|{{vb78o&~JGYl&Z
zetas%se$@%D>G!K<>*XGQ;E+d{d7KrL>8$s=IeaJ8CF9Q6{n+wq;;={mPOA37c0Z|
zqdyGSMsAZ?0PYVscp{liU>TrU$cfPEMNx{7*8Q;5{cK7@W7mFI8b<~VLX54=W)i6R
zLxrz=Ey9F<(Dk0+bPLw)C29gBj~Ru?ZlGI%bAzK^w>%(6J_t~bJfT}>7y}=a@`FHr
z(oR=%JA7o0a8t2xQBn(?p1kxJi#393xSuRikk8mFsIXB1-E>RDtMsnI2G}B^t4HM9
z!4EZ#ARVGO8oT@rfjVj!bs`HW!t~xsejV#K8I_HH^J&OniBi>HQR?`WAzt<-jv@yb
zPCQi%&}}M@_X!bsW7+L!NEZ#AdAATm(x(2yf2PlDQKum>mivD&z>04;p5~$LuFC9v
z9p8}hyUeJv&a+QLw-!-KW(WQ*ilq{#;HZ=n8CzMvC||n<$3~jHO3yWv_WZy&RDdep
zz4iTndeXomo2c*@&$1|e0H{%nb)mkx=`728F^z5*BJ_F(p@uqgWu<$pt%nWdz2GtV
z_g1E2Vn?rWpKj07a@w=5dk0>JialLVM?rRz+QRh+?|W8yeuB}{MOUhgPCSQ)!d`UR
zhK&6wFy4N!IFX+yPfJ<o$oI7NKcROB81-|1sqgZ@8NWWaP<e5(Py0q&C)On1@HZeT
zPZ<-YrGmN#r#@4~0BF_X-%LKx&zYA_XS_m@ZJ09&|5yAvhdf86lyHzBOlqhX?jY$C
zgEVXd`RNC%2fQZh;L6+~4rKpB(v&%xprynkoPbUXy}ec^hCUSneMbKgP0GoqKd>%;
zbhON(P04Eo)lWI6JO!EsHdtoWQ~ZkQWL^w3Cye|gh=xHJP0`H-=+Y&UBQyfqG{}1M
z&cv4z7zr8@59PP6rcN`d=IIlw;8KQ&)Qk*uLFm^#IF(v2sz%^XE8ykEsX+nMo&C*t
zs7~{>eLDB)mGl0{)-Tf1ON}F+5Ej9I56r`zU~H<)c8hDHn4{@yaw>60+MjJ!od#f>
z20k;;*>z>USUj9k0X}RK229N}!0?`6qsM@cZ1NrW3&RfAlzF49YfP|XkA<T`Q>tFl
zfl(p-pf#j9Wx`e?5lcueWn}{4Xw9#-|44+kR3D?yhjt_**bk^?(dN<(9nMG<qXfBX
U7O|bPYaI~D)2=U^4A~a6ge%r?DF6Tf