machines: fort: Enable fail2ban service

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
Christoph Heiss 2023-10-11 22:07:22 +02:00
parent 08d7438ecf
commit c2ce92d633
Signed by: c8h4
GPG key ID: 73D5E7FDEE3DE49A
2 changed files with 19 additions and 1 deletions


@ -17,9 +17,10 @@ in {
imports = [
../secrets/morph/acme.nix
../secrets/morph/wireguard
../secrets/web.nix
../services/fail2ban.nix
../services/nginx.nix
../services/web/c8h4-io.nix
../secrets/web.nix
../system/virtual-machine.nix
];

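--- /dev/null
+++ b/services/fail2ban.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+# Such that users can easily use `fail2ban-client`
+environment.systemPackages = with pkgs; [ fail2ban ];
+services.fail2ban = {
+enable = true;
+maxretry = 3;
+ignoreIP = [ "192.168.0.0/16" "172.16.0.0/12" "10.0.0.0/8" ];
+bantime = "1h";
+bantime-increment = {
+enable = true;
+overalljails = true;
+};
+};
+}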
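Review bot: The `ignoreIP` list exempts every RFC 1918 range, so any client whose address fail2ban sees as private is never banned. That includes WireGuard peers (the machine config imports `../secrets/morph/wireguard`) and, if nginx is ever reached through a NAT or proxy on a private address, everything arriving that way. If the intent is only to avoid locking out the admin path, list just those subnets, or record the reasoning in a comment such as `# Private ranges are never banned: admin access arrives over WireGuard/LAN only`. The file also declares no `jails`, so only what the NixOS module enables by default is active (the sshd jail, as far as I can tell), and the nginx services imported alongside it are presumably not covered. A one-line comment saying that this is deliberate would help the next reader.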