Local changes

config/host-config/limina.nix

@@ -36,13 +36,8 @@ in {
       };
 
       # FIXME: this should be automatic
-      firewall.trustedInterfaces = [
+      firewall.trustedInterfaces =
-        "intif0"
+        [ "intif0" "intif1" "intif2" "lo" "docker0" ];
-        "intif1"
-        "intif2"
-        "lo"
-        "docker0"
-      ];
 
       nat = {
         enable = true;

config/profile-config/common.nix

@@ -55,10 +55,13 @@ in {
       '';
     };
 
-    fail2ban = {
+    fail2ban =
-      enable = config.networking.firewall.enable;
+      let domain-name = config.fudo.hosts.${config.instance.hostname}.domain;
-      bantime-increment.enable = true;
+      in {
-    };
+        enable = config.networking.firewall.enable;
+        bantime-increment.enable = true;
+        ignoreIP = config.fudo.domains.${domain-name}.local-networks;
+      };
 
     xserver = {
       layout = "us";

config/sites.nix

@@ -21,6 +21,7 @@
           speed-factor = 2;
         };
       };
+      enable-distributed-builds = true;
       # FIXME: good idea?
       # network-mounts = {
       #   "/mnt/documents" = {

lib/fudo/hosts.nix

@@ -183,7 +183,7 @@ in {
     nix = mkIf
       (has-build-servers && has-build-keys && site.enable-distributed-builds) {
         buildMachines = mapAttrsToList (hostname: buildOpts: {
-          hostName = "${hostname}.${domain}";
+          hostName = "${hostname}.${domain-name}";
           maxJobs = buildOpts.max-jobs;
           speedFactor = buildOpts.speed-factor;
           supportedFeatures = buildOpts.supported-features;

lib/fudo/sites.nix

@@ -133,6 +133,12 @@ let
         description = "User as which to run builds.";
         default = "nix-site-builder";
       };
+
+      local-networks = mkOption {
+        type = listOf str;
+        description = "List of networks to consider local at this site.";
+        default = [ ];
+      };
     };
   };