foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 12:19:07 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/ni/services/fail2ban: update settings

Browse Source
This commit is contained in:
Gabriel Arazas 2024-01-22 12:24:53 +08:00
parent a91e89b6a3
commit 44ae723bd9
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
configs/nixos/plover/modules/services/fail2ban.nix
View File

@ -13,6 +13,13 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
bantime-increment = {
enable = true;
factor = "4";
maxtime = "24h";
overalljails = true;
};
extraPackages = with pkgs; [ ipset ];
ignoreIP = [ ignoreIP = [
# VPN clients. # VPN clients.
"${interfaces.wireguard0.IPv4.address}/13" "${interfaces.wireguard0.IPv4.address}/13"

2
configs/nixos/plover/modules/services/reverse-proxy.nix
View File

@ -75,7 +75,7 @@ in
security.dhparams.params.nginx.bits = 4096; security.dhparams.params.nginx.bits = 4096;
} }
(lib.mkIf config.profiles.server.enable { (lib.mkIf hostCfg.services.fail2ban.enable {
# Some fail2ban policies to apply for nginx. # Some fail2ban policies to apply for nginx.
services.fail2ban.jails = { services.fail2ban.jails = {
nginx-http-auth.settings = { enabled = true; }; nginx-http-auth.settings = { enabled = true; };