rarias/jungle
2
0
Fork 3
Code Issues 57 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

Compare commits

base: rarias:895c0cd687615984d21a6bde61832e5b2dbc4d44
Branches Tags
rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib
...
compare: rarias:859eebda988ab3dbb86a7c1a18197820ed926bb9
Branches Tags
rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib

4 Commits
895c0cd687 ... 859eebda98

Author SHA1 Message Date
Vincent A. Arcila
859eebda98 Change varcila shell to zsh
All checks were successful
CI / build:all (push) Successful in 59m37s
Details
CI / build:cross (push) Successful in 1h27m33s
Details
CI / build:cross (pull_request) Successful in 1h29m20s
Details
CI / build:all (pull_request) Successful in 1h29m22s
Details 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-07 13:22:17 +01:00
Rodrigo Arias Mallo
c2a201b085 Increase fail2ban ban time on each attempt
Some checks failed
CI / build:all (push) Has been cancelled
Details
CI / build:cross (push) Has been cancelled
Details
CI / build:all (pull_request) Successful in 1h38m5s
Details
CI / build:cross (pull_request) Successful in 1h38m3s
Details 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:34 +01:00
Rodrigo Arias Mallo
f921f0a4bd Disable password login via SSH in apex 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:30 +01:00
Rodrigo Arias Mallo
aa16bfc0bc Enable fail2ban in apex login node 
We are seeing a lot of failed attempts from the same IPs:

    apex% sudo journalctl -u sshd -b0 | grep 'Failed password' | wc -l
    2441

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:22 +01:00
2 changed files with 13 additions and 0 deletions
Expand all files Collapse all files

12
m/apex/configuration.nix
View File

@@ -57,6 +57,18 @@
}; };
}; };
services.fail2ban = {
enable = true;
maxretry = 5;
bantime-increment = {
enable = true; # Double ban time on each attack
maxtime = "7d"; # Ban up to a week
};
};
# Disable SSH login with password, allow only keypair
services.openssh.settings.PasswordAuthentication = false;
networking.firewall = { networking.firewall = {
extraCommands = '' extraCommands = ''
# Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our

1
m/common/base/users.nix
View File

@@ -139,6 +139,7 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
]; ];
shell = pkgs.zsh;
}; };
pmartin1 = { pmartin1 = {