tux/nixos-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nixos-config.git synced 2025-07-06 17:56:35 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

feat: add fail2ban

Browse Source
This commit is contained in:
tux
2024-11-03 16:09:44 +05:30
parent 89651d1630
commit 572f3bd9ae
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/common/default.nix
View File

@ -16,6 +16,7 @@ in {
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
../../modules/nixos/fail2ban.nix
../../modules/nixos/sops.nix ../../modules/nixos/sops.nix
]; ];

32
modules/nixos/fail2ban.nix Normal file
View File

@ -0,0 +1,32 @@
{config, ...}: let
isFirewallEnabled = config.networking.firewall.enable;
in {
services.fail2ban = {
enable = isFirewallEnabled;
maxretry = 5;
banaction = "iptables-multiport[blocktype=DROP]";
ignoreIP = [
"127.0.0.0/8"
"10.0.0.0/8"
"192.168.0.0/16"
];
bantime = "24h";
bantime-increment = {
enable = true;
rndtime = "12m";
overalljails = true;
multipliers = "4 8 16 32 64 128 256 512 1024 2048";
maxtime = "192h";
};
jails = {
sshd.settings = {
enabled = true;
port = toString config.services.openssh.ports;
mode = "aggressive";
filter = "sshd";
};
};
};
}