machines: fort: Enable fail2ban
service
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
parent
08d7438ecf
commit
c2ce92d633
|
@ -17,9 +17,10 @@ in {
|
|||
imports = [
|
||||
../secrets/morph/acme.nix
|
||||
../secrets/morph/wireguard
|
||||
../secrets/web.nix
|
||||
../services/fail2ban.nix
|
||||
../services/nginx.nix
|
||||
../services/web/c8h4-io.nix
|
||||
../secrets/web.nix
|
||||
../system/virtual-machine.nix
|
||||
];
|
||||
|
||||
|
|
17
services/fail2ban.nix
Normal file
17
services/fail2ban.nix
Normal file
|
@ -0,0 +1,17 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# Such that users can easily use `fail2ban-client`
|
||||
environment.systemPackages = with pkgs; [ fail2ban ];
|
||||
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
maxretry = 3;
|
||||
ignoreIP = [ "192.168.0.0/16" "172.16.0.0/12" "10.0.0.0/8" ];
|
||||
bantime = "1h";
|
||||
bantime-increment = {
|
||||
enable = true;
|
||||
overalljails = true;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue