fix: add Caddy redir to fail2ban

update: update flake
fix: remove useless secureity updates
2026-03-14 18:46:38 -07:00 · 2026-03-14 18:46:26 -07:00 · 2026-03-14 18:40:23 -07:00 · 2026-03-14 18:40:08 -07:00 · 2026-03-14 18:39:29 -07:00 · 2026-03-14 18:39:13 -07:00
11 changed files with 40 additions and 32 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -45,6 +45,16 @@
    rsync
  ];

+  zramSwap = {
+    enable = true;
+    memoryPercent = 50;
+  };
+
+  services.openssh.hostKeys = [{
+    path = "/etc/ssh/ssh_host_ed25519_key";
+    type = "ed25519";
+  }];
+
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu jetthomaspham@gmail.com"
  ];
--- a/flake.lock
+++ b/flake.lock
@ -52,11 +52,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773025010,
-        "narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=",
+        "lastModified": 1773506317,
+        "narHash": "sha256-qWKbLUJpavIpvOdX1fhHYm0WGerytFHRoh9lVck6Bh0=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3",
+        "rev": "878ec37d6a8f52c6c801d0e2a2ad554c75b9353c",
        "type": "github"
      },
      "original": {
@ -88,11 +88,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1773282481,
-        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "lastModified": 1773389992,
+        "narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "rev": "c06b4ae3d6599a672a6210b7021d699c351eebda",
        "type": "github"
      },
      "original": {
--- a/modules/hardening.nix
+++ b/modules/hardening.nix
@ -35,6 +35,11 @@
      enable = true;
      maxtime = "24h";
    };
+    ignoreIP = [
+      "100.64.0.0/10"
+      "127.0.0.0/8"
+      "::1/128"
+    ];
  };

  # ── Kernel hardening ──
@ -79,10 +84,4 @@
  services.avahi.enable = false;
  services.printing.enable = false;

-  # ── Automatic security updates ──
-  system.autoUpgrade = {
-    enable = true;
-    allowReboot = false;
-    dates = "04:00";
-  };
 }
--- a/secrets/b2-account-id.age
+++ b/secrets/b2-account-id.age
--- a/secrets/b2-application-key.age
+++ b/secrets/b2-application-key.age
@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 8KhtvA RPJwPm/DkUYfQlYSCa4s6KF5bV8ajDflEj+Gljgs1TI
-aP54VuO6RYP/tLPIzOHDgRIKs1AirPu3zkYuvVamTjE
-> ssh-ed25519 Ziw7aw DHkTEHLtrhSuSoNuv9zS5kgeKth3NtjUj8IVBiBch1k
-/P9kmTW0z3oTuBtd8wv+tfbBWP4Y1ObhPbwnLeCJO/U
--- 6OuUgwkLM+4RkVychG8IVWRb9es4WimS6KI6jxCyPn4
- ¨ü'Ï^xÉ`WAN;öÂzõ<7A>¤V£‡—±¹`“m´7ÐßöG‹7þvc½ó]æ`ÕåM#ª=Öµ<C396>#K
+-> ssh-ed25519 nN+I3Q pvBHHJ8gvyYbp4UC7m/ftbk0AsSqhger/w2V3VnD2B8
+5mkBZwujtIYxtI9uaSbbHvHqslW2zRqigWqA9DHNLBU
+-> ssh-ed25519 Ziw7aw MormurJwU7hFYfklN0G3AYJeG05fcfNP9P1uTL6woHQ
+N8C5yyyJQJdf3vH7ym5/AkLyEr2MLRjxd5EG0B5OGto
+--- t6FsZYSVfoqW8F9t4uIVqWajSV+eQ2t2VEC8Z3EJyIk
+›©ŸŽ€Áýß‹+¢ôÙÕ½ŽšcEH»!\®2‰úóº‡¢„ÞïXáÔèò DìD¥W#RøÃÒÌ×
--- a/secrets/discord-bot-token.age
+++ b/secrets/discord-bot-token.age
@ -1,8 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 8KhtvA 14QBStvnxOU5fDg/fBWu7Klun03DfblZhFV1vWn/u2w
-0/rGOHyVCh7AG0HBMCw8XAKkvKmtDXk32zDZFRVI+aE
-> ssh-ed25519 Ziw7aw agcXQVvCtH88gSFhJH+g4vJDHFyqfMc7haOmqCWCtBs
-ULjdXfTM1/3a6fXrqsH7rLPXCLOxT0DBbGnn5Y3znfo
--- rGogYk7dpYIqYP9Vg7oRu8ZghB0nYddMCpzz4GKCx0s
-3b¹0ª-j\>Cs.Ø@‘&,ô%4fC¦Þ¬1ÄEýÕ¢î~Í
ºêÈ<>°€Í³ëì2¤Û³ØúbÁ_2Ñ-åôÇ*õ‚C³ë~LÍœñºª=ûÏ(€ãŽQPþ+²û
-£6ê
+-> ssh-ed25519 nN+I3Q YmpwUlCii+a5JxJ7nYNJHRH/dqgabVrvRG4HAcDv80M
+3G5MM3gJ0RBZQXz3WUetiXSSGEl2y+E1ZgyJ7Xp+bzg
+-> ssh-ed25519 Ziw7aw 566UvTX3i6TgwVI+R+4xZMKDk2taODC4eSazhwnXpWs
+DlWnZMQuO2UQsji3NqB9hJf3a0U+3m8jrp6YOwyNVdc
+--- x6e0Gj888fGWJ99j/Vr995EwdilrY+kIFCsq5CKNAkQ
+îË)NCõp˜ÓØøÐcñ“và51o\ðœôi©mF<6D>s°¸µÿÿêü(
)¬Î7@2ÒÞOù®_wé£	[óªEàÕ[7ZåKx,Ør‚IÎ[ndˆmüNû¨þÀ²ìc¶
--- a/secrets/grafana-admin-password.age
+++ b/secrets/grafana-admin-password.age
--- a/secrets/grafana-secret-key.age
+++ b/secrets/grafana-secret-key.age
@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 8KhtvA HwJeI2xpphSyhSacAqEdmnzbJxNEuRN2sLv+sK0XqQI
-11GS6HqXTQ0gksTZlJfVDwJ3PaLy1SD5D/J7QstK/bI
-> ssh-ed25519 Ziw7aw 5S4mq+b1VAaMrXZrUfYowGfU/wR6aSql3wVOsKnbJEQ
-c+DAvSndUItpBbFR1ce/SfL2AthJ7fW8Sdq+vja6L+s
--- wSQ+PDx7FR4mDl9Cw4ah/CS2JujL7uP+9ZexfD8KfgI
-ó}†šØ|–ßÖÂdõ‚LXå‘O€R U<>¾UÁ)Ê’'jgPpüšÙámx<>§C¡
BœVŸ@™Ò‘->é6üÔŸ’é¸&`Ñùø“
+-> ssh-ed25519 nN+I3Q NoHPLxNkUs3bwE/lxtFJkHamKo4UwHa7rFhkUz5uZUM
+KXs0AU1/wjd7yxnNRrQk8NNFD6XBZaNZNHLsT7hOLS8
+-> ssh-ed25519 Ziw7aw exDf6HgFViw+HSsvdqHdeVty06Krk3ku6vFJJMwi93A
+0S/vjoRdk+sYifgz/B3t7Nkd6JNtWsBoJzlAUP94cmw
+--- UTKoNnzmxwtve3lSyyLP52iQA0LT94Fr5sRsuVNJ6Y0
+ŸoR5xÃeþaT½ñ´Qs¡y§¶_üHgq¸3¿¨Ç;)HkäøØîžã¥<C3A3>€æÀòšßa µÁì7ÃæN—»'ž<<3C>M¨œs„§”
--- a/secrets/minecraft-seed.age
+++ b/secrets/minecraft-seed.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,5 +1,5 @@
 let
-  server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9y+1CHA9RxeeJrkIblRErPvWTeTrqdNlQjxuRgMXN2";
+  server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKa/qnwFfJkX6k3HhhytjW89er9DE9XThLc/DgphH6t";
  admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu";
 in
 {
--- a/secrets/tailscale-auth-key.age
+++ b/secrets/tailscale-auth-key.age
Author	SHA1	Message	Date
Jet	bee7677e43	fix: add Caddy redir to fail2ban	2026-03-14 18:46:38 -07:00
Jet	2cdeb462e5	update: update flake	2026-03-14 18:46:26 -07:00
Jet	7ddd1d4f42	fix: remove useless secureity updates	2026-03-14 18:40:23 -07:00
Jet	1c2911162b	fix: ignore the minecraft ips	2026-03-14 18:40:08 -07:00
Jet	c3e5a74f57	feat: add more swap	2026-03-14 18:39:29 -07:00
Jet	59ff6c1340	update: use the new remote ssh key	2026-03-14 18:39:13 -07:00