fail2ban: configure recidive jail

author: Minijackson <minijackson@riseup.net> 2023-12-30 22:07:48 +0100
committer: Minijackson <minijackson@riseup.net> 2023-12-30 22:07:48 +0100
commit: 9981ea0a7567029a1e7833ec500891c4178f5984 (patch)
tree: 7ff2314073de20177dbe39c6a74982d39c4f8d0a /usecases
parent: 6f17b4b846ea2019c679e8c0576dcec1cee641ef (diff)
download: nixos-config-reborn-9981ea0a7567029a1e7833ec500891c4178f5984.tar.gz
nixos-config-reborn-9981ea0a7567029a1e7833ec500891c4178f5984.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/usecases/server/fail2ban.nix b/usecases/server/fail2ban.nix
index 3870a32..74266f7 100644
--- a/usecases/server/fail2ban.nix
+++ b/usecases/server/fail2ban.nix
@@ -6,5 +6,19 @@ inputs:
  services.fail2ban = {
    enable = true;
    ignoreIP = [ config.topology.mainVpn.subnet ];
+    # Remove when backported:
+    # https://github.com/NixOS/nixpkgs/pull/270864
+    banaction-allports = "iptables-allports";
+    bantime-increment.enable = true;
+    jails = {
+      recidive.settings = {
+        banaction = "%(banaction_allports)s";
+        bantime = "1w";
+        findtime = "1d";
+      };
+    };
  };
 }
author	Minijackson <minijackson@riseup.net>	2023-12-30 22:07:48 +0100
committer	Minijackson <minijackson@riseup.net>	2023-12-30 22:07:48 +0100
commit	9981ea0a7567029a1e7833ec500891c4178f5984 (patch)
tree	7ff2314073de20177dbe39c6a74982d39c4f8d0a /usecases
parent	6f17b4b846ea2019c679e8c0576dcec1cee641ef (diff)
download	nixos-config-reborn-9981ea0a7567029a1e7833ec500891c4178f5984.tar.gz nixos-config-reborn-9981ea0a7567029a1e7833ec500891c4178f5984.zip

diff --git a/usecases/server/fail2ban.nix b/usecases/server/fail2ban.nix index 3870a32..74266f7 100644 --- a/usecases/server/fail2ban.nix +++ b/usecases/server/fail2ban.nix
@@ -6,5 +6,19 @@ inputs:
6	services.fail2ban = {	6	services.fail2ban = {
7	enable = true;	7	enable = true;
8	ignoreIP = [ config.topology.mainVpn.subnet ];	8	ignoreIP = [ config.topology.mainVpn.subnet ];
		9
		10	# Remove when backported:
		11	# https://github.com/NixOS/nixpkgs/pull/270864
		12	banaction-allports = "iptables-allports";
		13
		14	bantime-increment.enable = true;
		15
		16	jails = {
		17	recidive.settings = {
		18	banaction = "%(banaction_allports)s";
		19	bantime = "1w";
		20	findtime = "1d";
		21	};
		22	};
9	};	23	};
10	}	24	}