services: vaultwarden: add fail2ban jail
All checks were successful
flake / build (push) Successful in 3m7s
All checks were successful
flake / build (push) Successful in 3m7s
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
parent
e373b1aa98
commit
b4c458e11a
|
@ -41,4 +41,25 @@ in {
|
|||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.fail2ban.jails.vaultwarden =
|
||||
lib.mkIf config.services.fail2ban.enable {
|
||||
filter = {
|
||||
INCLUDES.before = "common.conf";
|
||||
Definition = {
|
||||
failregex =
|
||||
"^.*?Username or password is incorrect. Try again. IP: <ADDR>. Username:.*$";
|
||||
ignoreregex = "";
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
enabled = true;
|
||||
backend = "systemd";
|
||||
journalmatch = "_SYSTEMD_UNIT=vaultwarden.service + _COMM=vaultwarden";
|
||||
port = "http,https";
|
||||
filter = "vaultwarden";
|
||||
bantime = "48h";
|
||||
findtime = "4h";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue