hosts: add dmz, cleanups

hosts/server/default.nix

@@ -38,13 +38,18 @@
     };
   };
 
-#  environment = {
-#    systemPackages = with pkgs; [
-##      simple-scan
-##       intel-media-driver
-##       alacritty
-#    ];
-#  };
+  environment = {
+    etc = {
+      "fail2ban/filter.d/gitea.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/gitea.conf;
+        mode = "0444";
+      };
+      "fail2ban/filter.d/nextcloud.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
+        mode = "0444";
+      };
+    };
+  };
 
   programs = {                              # No xbacklight, this is the alterantive
     zsh.enable = true;
@@ -67,6 +72,29 @@
         userServices = true;
       };
     };
+    fail2ban = {
+        enable = true;
+        maxretry = 5;
+        jails.DEFAULT.settings = {
+           findtime = "15m";
+           bantime = "1h";
+        };
+        jails = {
+            gitea = ''
+              enabled = true
+              filter = gitea
+              backend = systemd
+              action = iptables-allports
+            '';
+            nextcloud = ''
+              backend = auto
+              enabled = true
+              filter = nextcloud
+              logpath = /var/lib/nextcloud/data/nextcloud.log
+              action = iptables-allports
+            '';
+          };
+    };
 
   };