author | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
commit | e6ed60548397627bf10f561f9438201dbba0a36e (patch) | |
tree | f9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/fail2ban.nix | |
parent | 9ac64328603d44bd272175942d3ea3eaadcabd04 (diff) |
2024-04-21
Diffstat (limited to 'modules/fail2ban.nix')
-rw-r--r-- | modules/fail2ban.nix | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix
new file mode 100644
index 0000000..a0cc2b4
--- /dev/null
+++ b/modules/fail2ban.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.fail2ban;
+in
+{
+ options.nixfiles.modules.fail2ban.enable = mkEnableOption "fail2ban";
+
+ config = mkIf cfg.enable {
+ ark.directories = [ "/var/lib/fail2ban" ];
+
+ services.fail2ban = {
+ enable = true;
+
+ bantime-increment = {
+ enable = true;
+ maxtime = "24h";
+ rndtime = "8m";
+ };
+
+ ignoreIP = optionals (hasAttr "wireguard" this) (
+ with config.nixfiles.modules.wireguard;
+ [
+ ipv4.subnet
+ ipv6.subnet
+ ]
+ );
+
+ jails.DEFAULT.settings.blocktype = "DROP";
+ };
+ };
+} |
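Review bot: The `ignoreIP` list exempts what look like the entire WireGuard IPv4 and IPv6 subnets from banning, so every VPN peer — including a compromised or misbehaving one — can brute-force SSH and any other jailed service on this host without ever being throttled; that is a deliberate trust decision and deserves a comment at the `ignoreIP =` line such as `# All WireGuard peers are trusted and never banned; a compromised peer gets unlimited attempts — keep this to the peer subnet only.` The gate is `hasAttr "wireguard" this` but the values are read from `config.nixfiles.modules.wireguard`, so if the host metadata and the enabled module can disagree, the whitelist may silently pick up defaults from a module that is not actually active on this host — worth confirming. Separately, `blocktype = "DROP"` makes a mistaken ban surface to a legitimate user as a connection timeout rather than an immediate reject, which is harder to diagnose; a one-line comment noting that this is chosen on purpose (and that the persisted `/var/lib/fail2ban` keeps incremented bans across reboots) would save the next reader a trip to the fail2ban docs.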