Updates to the server and first rate limiting attempts
parent
c8a103ea43
commit
dbe550f9fe
5 changed files with 40 additions and 17 deletions
12
flake.lock
generated
12
flake.lock
generated
|
|
@ -173,11 +173,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1767556355,
|
"lastModified": 1767702900,
|
||||||
"narHash": "sha256-RDTUBDQBi9D4eD9iJQWtUDN/13MDLX+KmE+TwwNUp2s=",
|
"narHash": "sha256-xMzHmNytl7JgFRov2jHf2GYsLVp/sAfYO0JvbZt0uDo=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "f894bc4ffde179d178d8deb374fcf9855d1a82b7",
|
"rev": "38e187fd2f9efac197e03be0c25f3ee215974144",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -410,11 +410,11 @@
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1767502237,
|
"lastModified": 1767568852,
|
||||||
"narHash": "sha256-rRrn9I4H692troUl5pBtE3Y5mG2msSMU/2ro7+ZQrFM=",
|
"narHash": "sha256-6s8hL3YX9zAq2T7qvcwwzaEVwc9MEYbW+C2LcAAQfbk=",
|
||||||
"owner": "0xc000022070",
|
"owner": "0xc000022070",
|
||||||
"repo": "zen-browser-flake",
|
"repo": "zen-browser-flake",
|
||||||
"rev": "e3efa5e2b53982f985044062c98426ec75d6695b",
|
"rev": "350c729b261e6f5529460140a5f0943dd4c5e156",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -50,4 +50,22 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Imposing a bandwidth limit to avoid Aurore/Crans disruptions
|
||||||
|
networking.nftables = {
|
||||||
|
tables.rate_limit = {
|
||||||
|
name = "rate_limit";
|
||||||
|
family = "inet";
|
||||||
|
enable = true;
|
||||||
|
content = ''
|
||||||
|
limit lim { rate over 20 mbytes/second burst 40 mbytes ; comment "use to limit taffic" ; }
|
||||||
|
|
||||||
|
chain IN {
|
||||||
|
type filter hook input priority filter; policy drop;
|
||||||
|
tcp dport 80 limit name "lim" accept
|
||||||
|
tcp dport 443 limit name "lim" accept
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
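Review bot: The `IN` chain hooks input with `policy drop` and accepts only TCP 80 and 443, so once this table is loaded every other inbound packet (SSH, loopback, ICMP, replies to connections the host opened) is dropped; in nftables a drop verdict from any base chain on a hook is final, and an accept in another table does not override it. The limit is also inverted: `rate over 20 mbytes/second` matches only traffic above the rate, so `limit name "lim" accept` admits the excess while web traffic under the rate falls through to the drop policy. To throttle without filtering, use `type filter hook input priority filter; policy accept;` and a single rule `tcp dport { 80, 443 } limit name "lim" drop`. If the aim is to cap what the server sends upstream, the input hook is probably the wrong place, since it only sees inbound packets; that is worth confirming against the intent stated in the comment. The limit's own comment has a typo, "taffic".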
||||||
|
|
|
||||||
|
|
@ -22,6 +22,8 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.nftables.enable = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
mdadm
|
mdadm
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,8 @@
|
||||||
{
|
{
|
||||||
virtualisation.incus.enable = true;
|
virtualisation.incus.enable = true;
|
||||||
virtualisation.incus.ui.enable = true;
|
virtualisation.incus.ui.enable = true;
|
||||||
networking.nftables.enable = true;
|
# Enabled on server as a whole
|
||||||
|
# networking.nftables.enable = true;
|
||||||
networking.firewall.trustedInterfaces = [ "incusbr0" ];
|
networking.firewall.trustedInterfaces = [ "incusbr0" ];
|
||||||
virtualisation.incus.preseed = {
|
virtualisation.incus.preseed = {
|
||||||
networks = [
|
networks = [
|
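Review bot: Commenting out `networking.nftables.enable = true;` makes this Incus module rely on another file to switch the firewall backend to nftables, and nothing in this section enforces that. The NixOS module system merges identical definitions of the same boolean without conflict, so the line can stay enabled here alongside the server-wide one and the module remains self-contained. If it is removed anyway, delete the commented-out line rather than keeping dead code, and let the comment name the file that sets the option, e.g. `# networking.nftables.enable is set in <server module>`.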
||||||
|
|
|
||||||
|
|
@ -79,18 +79,12 @@
|
||||||
# Crans Nounou
|
# Crans Nounou
|
||||||
elsif anyof (
|
elsif anyof (
|
||||||
header :contains "List-Id" "<nounou.lists.crans.org>",
|
header :contains "List-Id" "<nounou.lists.crans.org>",
|
||||||
header :contains "List-Id" "<apprenti-es.lists.crans.org>"
|
header :contains "List-Id" "<apprenti-es.lists.crans.org>",
|
||||||
|
address :is :all "To" "contact@crans.org",
|
||||||
|
address :is :all "From" "contact@crans.org"
|
||||||
) {
|
) {
|
||||||
fileinto :create "Crans.crans.nounou";
|
fileinto :create "Crans.crans.nounou";
|
||||||
}
|
}
|
||||||
# Crans Root
|
|
||||||
elsif anyof (
|
|
||||||
address :is :all "To" "root@crans.org",
|
|
||||||
address :is :all "From" "root@crans.org",
|
|
||||||
address :is :all "From" "www-data@crans.org"
|
|
||||||
) {
|
|
||||||
fileinto :create "Crans.crans.root";
|
|
||||||
}
|
|
||||||
# Crans Root Postmaster
|
# Crans Root Postmaster
|
||||||
elsif address :is :all "To" "postmaster@crans.org" {
|
elsif address :is :all "To" "postmaster@crans.org" {
|
||||||
addflag "\\Seen";
|
addflag "\\Seen";
|
||||||
|
|
@ -100,6 +94,14 @@
|
||||||
elsif address :is :all "From" "MAILER-DAEMON@crans.org" {
|
elsif address :is :all "From" "MAILER-DAEMON@crans.org" {
|
||||||
fileinto :create "Crans.crans.root.mailer";
|
fileinto :create "Crans.crans.root.mailer";
|
||||||
}
|
}
|
||||||
|
# Crans Root
|
||||||
|
elsif anyof (
|
||||||
|
address :is :all "To" "root@crans.org",
|
||||||
|
address :is :all "From" "root@crans.org",
|
||||||
|
address :is :all "From" "www-data@crans.org"
|
||||||
|
) {
|
||||||
|
fileinto :create "Crans.crans.root";
|
||||||
|
}
|
||||||
# Crans Gitlab
|
# Crans Gitlab
|
||||||
elsif address :is :all "From" "gitlab@crans.org" {
|
elsif address :is :all "From" "gitlab@crans.org" {
|
||||||
fileinto :create "Crans.crans.gitlab";
|
fileinto :create "Crans.crans.gitlab";
|
||||||
|
|
@ -179,7 +181,7 @@
|
||||||
# "@lyes.eu" = "lyes@mail.lyes.eu";
|
# "@lyes.eu" = "lyes@mail.lyes.eu";
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# certificateScheme = "acme-nginx";
|
x509.useACMEHost = config.mailserver.fqdn;
|
||||||
};
|
};
|
||||||
|
|
||||||
# services.dovecot2.extraConfig = ''
|
# services.dovecot2.extraConfig = ''
|
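Review bot: `x509.useACMEHost = config.mailserver.fqdn;` in the last hunk only refers to an ACME certificate by host name; nothing visible in this section declares `security.acme.certs` for that name or requests it through a web-server virtual host. The commented-out `certificateScheme = "acme-nginx"` that it replaces suggests the certificate used to be provisioned implicitly, so confirm that it is still issued and renewed elsewhere and that the mail daemons can read the key; otherwise the TLS listeners may fail to start or keep serving a certificate that is no longer renewed. A one-line comment next to the option saying where the certificate is declared would make this checkable, e.g. `# certificate declared in security.acme.certs.<fqdn>, see <file>`. The enclosing attribute set starts outside the hunk, so the declaration may exist in lines not shown here.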
||||||
|
|
|
||||||