fix: rate limits, fail2ban, readme, secret scheme

Jet Pham 2026-03-04 16:32:53 -08:00
parent ad8cb52169
commit bb20443241
No known key found for this signature in database
4 changed files with 96 additions and 9 deletions

@ -6,9 +6,13 @@ services:
- forgejo (git.extremist.software)
- stalwart (mail.extremist.software)
- searxng (search.extremist.software)
- conduit (matrix.extremist.software)
- caddy (reverse proxy)
- synapse (matrix.extremist.software)
- grafana/prometheus (status.extremist.software)
- uptime-kuma (uptime.extremist.software)
- ntfy (ntfy.extremist.software)
- mymx (mymx.extremist.software)
- caddy (reverse proxy + rate limiting)
- fail2ban
## Deployment
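Review bot: the `fail2ban` entry at the end of the services list is the only one without a parenthetical, so a reader cannot tell what it covers. Say which services' logs it watches, and on the `caddy (reverse proxy + rate limiting)` line say which hosts are rate limited. `matrix.extremist.software` also appears in this hunk under both `conduit` and `synapse`; if this is a homeserver swap, a line on whether existing data carries over would help anyone redeploying from this README.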
@ -39,15 +43,15 @@ nix run github:nix-community/nixos-anywhere -- --store-paths \
root@<TARGET_IP> | tee install.log
```
### 3. Update Existing Server (No Wipe)
Once the server is running NixOS, use `nh` to push updates. This repository provides `nh` via `direnv` (loaded from `flake.nix` devShell), so just run `direnv allow` first.
### 4. Update Existing Server (No Wipe)
Once the server is running NixOS, use the `nhs` script to push updates. This repository provides `nhs` and `nh` via `direnv` (loaded from `flake.nix` devShell), so just run `direnv allow` first.
```bash
# Update via IP
nh os switch --hostname extremist-software --target-host root@<TARGET_IP> --impure path:.
# Update via Tailscale (uses nhs convenience script)
nhs
# Update via Tailscale (Once tailored up)
nh os switch --hostname extremist-software --target-host root@extremist-software --impure path:.
# Or manually via IP
nh os switch --hostname extremist-software --target-host root@<TARGET_IP> --impure path:.
```
repo uses `impure` build to load `secrets/secrets.nix` directly. no encrypted secrets in git.
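Review bot: the closing line about loading `secrets/secrets.nix` through an `impure` build names the secret scheme but not its handling requirements. State that `secrets/secrets.nix` must stay out of git, how a new deployer obtains or creates it, and that values read at evaluation time can end up in the Nix store, which is world-readable on the machine, so readers know what protection the scheme does and does not give. In the bash block, `nhs` is now the primary update path but the README does not say what it runs. A one-line description (the equivalent `nh os switch ...` invocation, and that it depends on Tailscale being up) would let readers audit it before running it against `root@`.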