From 44ae723bd96a75087959f26b27f42eb4d4604560 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Mon, 22 Jan 2024 12:24:53 +0800
Subject: [PATCH] hosts/ni/services/fail2ban: update settings
---
 configs/nixos/plover/modules/services/fail2ban.nix | 7 +++++++
 configs/nixos/plover/modules/services/reverse-proxy.nix | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/configs/nixos/plover/modules/services/fail2ban.nix b/configs/nixos/plover/modules/services/fail2ban.nix
index f6d11d59..5cd84a96 100644
--- a/configs/nixos/plover/modules/services/fail2ban.nix
+++ b/configs/nixos/plover/modules/services/fail2ban.nix
@@ -13,6 +13,13 @@ in
 config = lib.mkIf cfg.enable {
 services.fail2ban = {
 enable = true;
+ bantime-increment = {
+ enable = true;
+ factor = "4";
+ maxtime = "24h";
+ overalljails = true;
+ };
+ extraPackages = with pkgs; [ ipset ];
 ignoreIP = [
 # VPN clients.
 "${interfaces.wireguard0.IPv4.address}/13"
diff --git a/configs/nixos/plover/modules/services/reverse-proxy.nix b/configs/nixos/plover/modules/services/reverse-proxy.nix
index e94443d2..17621c57 100644
--- a/configs/nixos/plover/modules/services/reverse-proxy.nix
+++ b/configs/nixos/plover/modules/services/reverse-proxy.nix
@@ -75,7 +75,7 @@ in
 security.dhparams.params.nginx.bits = 4096;
 }
- (lib.mkIf config.profiles.server.enable {
+ (lib.mkIf hostCfg.services.fail2ban.enable {
 # Some fail2ban policies to apply for nginx.
 services.fail2ban.jails = {
 nginx-http-auth.settings = { enabled = true; };
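Review bot: The new `bantime-increment` block sets no `rndtime`, so each escalated ban expires at an exactly predictable time and a repeat offender can resume the moment it lapses; adding jitter inside the block, e.g. `rndtime = "10m";` (sample value), avoids that. With `overalljails = true` a match in any jail lengthens the ban everywhere, so a short comment stating why `maxtime = "24h"` is the chosen ceiling would help whoever later tunes lockout risk against the `ignoreIP` list. `extraPackages = with pkgs; [ ipset ];` only puts ipset on the service's path; nothing in the hunk selects an ipset-based `banaction`, so unless one is set outside the hunk (the `services.fail2ban` attrset continues past it) the package goes unused.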
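Review bot: Gating the nginx jails on `hostCfg.services.fail2ban.enable` means they disappear silently whenever the host-level fail2ban module is switched off, while the reverse proxy keeps serving; the comment on the following line should say so, e.g. `# nginx jails; only applied when the host's fail2ban module is enabled.` `hostCfg` is bound outside the hunk, so it cannot be confirmed from here that it names the same option set fail2ban.nix tests with `cfg.enable`. That is worth verifying, because a mismatch would leave the jails undefined without any evaluation error. The `lib.mkIf` block continues past the end of the hunk.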