hosts/ni/services/fail2ban: update settings

2025-01-31 04:58:01 +00:00 · 2024-01-22 12:24:53 +08:00 · 2024-01-22 12:24:53 +08:00 · 44ae723bd9
commit 44ae723bd9
parent a91e89b6a3
2 changed files with 8 additions and 1 deletions
--- a/configs/nixos/plover/modules/services/fail2ban.nix
+++ b/configs/nixos/plover/modules/services/fail2ban.nix
@ -13,6 +13,13 @@ in
  config = lib.mkIf cfg.enable {
    services.fail2ban = {
      enable = true;
+      bantime-increment = {
+        enable = true;
+        factor = "4";
+        maxtime = "24h";
+        overalljails = true;
+      };
+      extraPackages = with pkgs; [ ipset ];
      ignoreIP = [
        # VPN clients.
        "${interfaces.wireguard0.IPv4.address}/13"
--- a/configs/nixos/plover/modules/services/reverse-proxy.nix
+++ b/configs/nixos/plover/modules/services/reverse-proxy.nix
@ -75,7 +75,7 @@ in
      security.dhparams.params.nginx.bits = 4096;
    }

-    (lib.mkIf config.profiles.server.enable {
+    (lib.mkIf hostCfg.services.fail2ban.enable {
      # Some fail2ban policies to apply for nginx.
      services.fail2ban.jails = {
        nginx-http-auth.settings = { enabled = true; };