From f99759d5cb6ee8c6000da07d4e1ac4ffed4cb297 Mon Sep 17 00:00:00 2001
From: Niten
Date: Mon, 12 Apr 2021 22:15:13 -0700
Subject: [PATCH] Local changes
---
 config/host-config/limina.nix | 11 +++--------
 config/profile-config/common.nix | 11 +++++++----
 config/sites.nix | 1 +
 lib/fudo/hosts.nix | 2 +-
 lib/fudo/sites.nix | 6 ++++++
 5 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix
index b2d2421..5fec051 100644
--- a/config/host-config/limina.nix
+++ b/config/host-config/limina.nix
@@ -36,13 +36,8 @@ in {
 };
 # FIXME: this should be automatic
- firewall.trustedInterfaces = [
- "intif0"
- "intif1"
- "intif2"
- "lo"
- "docker0"
- ];
+ firewall.trustedInterfaces =
+ [ "intif0" "intif1" "intif2" "lo" "docker0" ];
 nat = {
 enable = true;
@@ -53,7 +48,7 @@ in {
 fudo = {
 hosts.limina.external-interfaces = [ "enp1s0" ];
-
+
 local-network = {
 enable = true;
 domain = domain-name;
diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix
index fb4a081..6d387d6 100644
--- a/config/profile-config/common.nix
+++ b/config/profile-config/common.nix
@@ -55,10 +55,13 @@ in {
 '';
 };
- fail2ban = {
- enable = config.networking.firewall.enable;
- bantime-increment.enable = true;
- };
+ fail2ban =
+ let domain-name = config.fudo.hosts.${config.instance.hostname}.domain;
+ in {
+ enable = config.networking.firewall.enable;
+ bantime-increment.enable = true;
+ ignoreIP = config.fudo.domains.${domain-name}.local-networks;
+ };
 xserver = {
 layout = "us";
diff --git a/config/sites.nix b/config/sites.nix
index 86c3605..5810243 100644
--- a/config/sites.nix
+++ b/config/sites.nix
@@ -21,6 +21,7 @@ speed-factor = 2; }; }; + enable-distributed-builds = true; # FIXME: good idea? # network-mounts = { # "/mnt/documents" = {
diff --git a/lib/fudo/hosts.nix b/lib/fudo/hosts.nix
index 4554651..477957e 100644
--- a/lib/fudo/hosts.nix
+++ b/lib/fudo/hosts.nix
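Review bot: The added `ignoreIP = config.fudo.domains.${domain-name}.local-networks;` in config/profile-config/common.nix exempts every address in those networks from fail2ban on each host that uses this shared profile, and nothing on the line records that trade-off. A compromised machine on a listed network could then retry logins against its neighbours without being banned, so the list should be kept as narrow as possible. I would add a comment above it, e.g. `# Addresses listed here are never banned; keep local-networks as narrow as possible.` Separately, this patch declares `local-networks` in lib/fudo/sites.nix while the lookup here goes through `config.fudo.domains`, whose options are not visible; confirm that attribute exists for every host's domain, since a missing one would presumably fail evaluation.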
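Review bot: `enable-distributed-builds = true;` in config/sites.nix is switched on without a comment on the trust it implies. In lib/fudo/hosts.nix this flag is one of the conditions guarding `buildMachines`, so hosts at the site would hand builds to the configured build servers and use what comes back. A short comment would document that, e.g. `# Hosts at this site offload builds to the site's build servers and trust their output.` The enclosing site attribute set starts outside the hunk, so which site this applies to cannot be seen here.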
@@ -183,7 +183,7 @@ in {
 nix = mkIf (has-build-servers && has-build-keys && site.enable-distributed-builds) {
 buildMachines = mapAttrsToList (hostname: buildOpts: {
- hostName = "${hostname}.${domain}";
+ hostName = "${hostname}.${domain-name}";
 maxJobs = buildOpts.max-jobs;
 speedFactor = buildOpts.speed-factor;
 supportedFeatures = buildOpts.supported-features;
diff --git a/lib/fudo/sites.nix b/lib/fudo/sites.nix
index 9389b42..db12e10 100644
--- a/lib/fudo/sites.nix
+++ b/lib/fudo/sites.nix
@@ -133,6 +133,12 @@ let
 description = "User as which to run builds.";
 default = "nix-site-builder";
 };
+
+ local-networks = mkOption {
+ type = listOf str;
+ description = "List of networks to consider local at this site.";
+ default = [ ];
+ };
 };
 };
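Review bot: The new `local-networks` option in lib/fudo/sites.nix accepts any string (`type = listOf str;`), and its description says neither what format is expected nor what the list is used for. Elsewhere in this patch a `local-networks` list is handed to fail2ban's `ignoreIP`; if this option feeds that, a typo or an overly wide prefix would quietly exempt more addresses from banning than intended. I would spell this out, e.g. `description = "Networks (CIDR notation) to consider local at this site; may be used to exempt addresses from fail2ban.";`, and add an `example` entry showing the expected form. The enclosing option set begins outside the hunk.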