some minor security improvements found by claude

2026-04-26 10:01:18 +02:00
parent 447fc61c0b
commit c5e5b84bfb
4 changed files with 6 additions and 10 deletions
--- a/modules/services/server/coturn.nix
+++ b/modules/services/server/coturn.nix
@@ -4,7 +4,6 @@
    enable = true;
    no-cli = true;
    no-tcp-relay = true;
-    no-tls = true;
    min-port = 49000;
    max-port = 50000;
    use-auth-secret = true;
@@ -53,7 +52,7 @@
      allowedUDPPortRanges = range;
      allowedUDPPorts = [ 3478 ];
      allowedTCPPortRanges = range;
-      allowedTCPPorts = [ 3478 ];
+      allowedTCPPorts = [ 3478 5349 ];
    };
  };
  # get a certificate
--- a/modules/services/server/gitea.nix
+++ b/modules/services/server/gitea.nix
@@ -29,7 +29,7 @@
 	    LFS_ALLOW_PURE_SSH = true;
        };
        security = {
-            MIN_PASSWORD_LENGTH = 8;
+            MIN_PASSWORD_LENGTH = 12;
            PASSWORD_CHECK_PWN = true;
            PASSWORD_HASH_ALGO = "argon2";
        };
--- a/modules/services/server/nextcloud.nix
+++ b/modules/services/server/nextcloud.nix
@@ -1,10 +1,6 @@

 { config, pkgs, ... }:
 {
-    environment.systemPackages = with pkgs; [           # Default packages install system-wide
-      appimage-run
-    ];
-
    services.nextcloud = {
        enable = true;
        hostName = "cloud.kabtop.de";