From 138ff2ae32facaf4f2c072115b1b0f64f05f615a Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Thu, 13 Jul 2023 07:39:07 +0300 Subject: 2023-07-13 --- modules/nixos/vaultwarden.nix | 54 ++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 24 deletions(-) (limited to 'modules/nixos/vaultwarden.nix') diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix index 2475ed3..2aaecf2 100644 --- a/modules/nixos/vaultwarden.nix +++ b/modules/nixos/vaultwarden.nix @@ -104,33 +104,39 @@ in { ]; }; - fail2ban.jails = mkIf config.nixfiles.modules.fail2ban.enable { - vaultwarden = '' - enabled = true - filter = vaultwarden - port = http,https - ''; - vaultwarden-admin = '' - enabled = true - filter = vaultwarden-admin - port = http,https - ''; + fail2ban.jails = { + vaultwarden = { + enabled = true; + settings = { + filter = "vaultwarden"; + port = "http,https"; + }; + }; + vaultwarden-admin = { + enabled = true; + settings = { + filter = "vaultwarden-admin"; + port = "http,https"; + }; + }; }; }; - environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { - "fail2ban/filter.d/vaultwarden.conf".text = '' - [Definition] - failregex = ^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$ - ignoreregex = - journalmatch = _SYSTEMD_UNIT=vaultwarden.service - ''; - "fail2ban/filter.d/vaultwarden-admin.conf".text = '' - [Definition] - failregex = ^.*Invalid admin token\. IP: .*$ - ignoreregex = - journalmatch = _SYSTEMD_UNIT=vaultwarden.service - ''; + environment.etc = { + "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} { + Definition = { + failregex = "^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$"; + ignoreregex = ""; + journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; + }; + }; + "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} { + Definition = { + failregex = "^.*Invalid admin token\. IP: .*$"; + ignoreregex = ""; + journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; + }; + }; }; }; } -- cgit v1.2.3