1 files changed, 14 insertions, 0 deletions
diff --git a/usecases/server/fail2ban.nix b/usecases/server/fail2ban.nix
index 3870a32..74266f7 100644
--- a/usecases/server/fail2ban.nix
+++ b/usecases/server/fail2ban.nix
@@ -6,5 +6,19 @@ inputs:
  services.fail2ban = {
    enable = true;
    ignoreIP = [ config.topology.mainVpn.subnet ];
+    # Remove when backported:
+    # https://github.com/NixOS/nixpkgs/pull/270864
+    banaction-allports = "iptables-allports";
+    bantime-increment.enable = true;
+    jails = {
+      recidive.settings = {
+        banaction = "%(banaction_allports)s";
+        bantime = "1w";
+        findtime = "1d";
+      };
+    };
  };
 }

diff --git a/usecases/server/fail2ban.nix b/usecases/server/fail2ban.nix index 3870a32..74266f7 100644 --- a/usecases/server/fail2ban.nix +++ b/usecases/server/fail2ban.nix
@@ -6,5 +6,19 @@ inputs:
6	services.fail2ban = {	6	services.fail2ban = {
7	enable = true;	7	enable = true;
8	ignoreIP = [ config.topology.mainVpn.subnet ];	8	ignoreIP = [ config.topology.mainVpn.subnet ];
		9
		10	# Remove when backported:
		11	# https://github.com/NixOS/nixpkgs/pull/270864
		12	banaction-allports = "iptables-allports";
		13
		14	bantime-increment.enable = true;
		15
		16	jails = {
		17	recidive.settings = {
		18	banaction = "%(banaction_allports)s";
		19	bantime = "1w";
		20	findtime = "1d";
		21	};
		22	};
9	};	23	};
10	}	24	}