nixos-config/modules/nixos/_private/shared-setups/server/fail2ban.nix

{ config, lib, pkgs, ... }:

let cfg = config.shared-setups.server.fail2ban;
in {
  options.shared-setups.server.fail2ban.enable = lib.mkEnableOption
    "typical fail2ban configuration for public-facing servers";

  config = lib.mkIf cfg.enable {
    services.fail2ban = {
      enable = true;
      bantime-increment = {
        enable = true;
        factor = "4";
        maxtime = "24h";
        overalljails = true;
      };
      extraPackages = with pkgs; [ ipset ];

      # We're going to be unforgiving with this one since we only have key
      # authentication and password authentication is disabled anyways.
      jails.sshd.settings = {
        enabled = true;
        maxretry = 1;
      };
    };
  };
}
nixos/shared-setups: init modules subset 2024-09-18 01:26:06 +00:00			`{ config, lib, pkgs, ... }:`

chore: reformat codebase 2025-01-29 04:48:19 +00:00			`let cfg = config.shared-setups.server.fail2ban;`
			`in {`
			`options.shared-setups.server.fail2ban.enable = lib.mkEnableOption`
			`"typical fail2ban configuration for public-facing servers";`
nixos/shared-setups: init modules subset 2024-09-18 01:26:06 +00:00
			`config = lib.mkIf cfg.enable {`
			`services.fail2ban = {`
			`enable = true;`
			`bantime-increment = {`
			`enable = true;`
			`factor = "4";`
			`maxtime = "24h";`
			`overalljails = true;`
			`};`
			`extraPackages = with pkgs; [ ipset ];`

			`# We're going to be unforgiving with this one since we only have key`
			`# authentication and password authentication is disabled anyways.`
			`jails.sshd.settings = {`
			`enabled = true;`
			`maxretry = 1;`
			`};`
			`};`
			`};`
			`}`