19 lines
396 B
Nix
19 lines
396 B
Nix
{ pkgs, ... }:
|
|
|
|
{
|
|
# Such that users can easily use `fail2ban-client`
|
|
environment.systemPackages = with pkgs; [ fail2ban ];
|
|
|
|
services.fail2ban = {
|
|
enable = true;
|
|
maxretry = 3;
|
|
ignoreIP = [ "192.168.0.0/16" "172.16.0.0/12" "10.0.0.0/8" ];
|
|
bantime = "1h";
|
|
bantime-increment = {
|
|
enable = true;
|
|
overalljails = true;
|
|
maxtime = "168h"; # 1 week
|
|
};
|
|
};
|
|
}
|