diff options
Diffstat (limited to 'modules/nixos/vaultwarden.nix')
-rw-r--r-- | modules/nixos/vaultwarden.nix | 54 |
1 files changed, 30 insertions, 24 deletions
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix index 2475ed3..2aaecf2 100644 --- a/modules/nixos/vaultwarden.nix +++ b/modules/nixos/vaultwarden.nix @@ -104,33 +104,39 @@ in { ]; }; - fail2ban.jails = mkIf config.nixfiles.modules.fail2ban.enable { - vaultwarden = '' - enabled = true - filter = vaultwarden - port = http,https - ''; - vaultwarden-admin = '' - enabled = true - filter = vaultwarden-admin - port = http,https - ''; + fail2ban.jails = { + vaultwarden = { + enabled = true; + settings = { + filter = "vaultwarden"; + port = "http,https"; + }; + }; + vaultwarden-admin = { + enabled = true; + settings = { + filter = "vaultwarden-admin"; + port = "http,https"; + }; + }; }; }; - environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { - "fail2ban/filter.d/vaultwarden.conf".text = '' - [Definition] - failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$ - ignoreregex = - journalmatch = _SYSTEMD_UNIT=vaultwarden.service - ''; - "fail2ban/filter.d/vaultwarden-admin.conf".text = '' - [Definition] - failregex = ^.*Invalid admin token\. IP: <ADDR>.*$ - ignoreregex = - journalmatch = _SYSTEMD_UNIT=vaultwarden.service - ''; + environment.etc = { + "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} { + Definition = { + failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"; + ignoreregex = ""; + journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; + }; + }; + "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} { + Definition = { + failregex = "^.*Invalid admin token\. IP: <ADDR>.*$"; + ignoreregex = ""; + journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; + }; + }; }; }; } |