net/fail2ban: initial commit

1 files changed, 31 insertions, 0 deletions

diff --git a/sys/net/fail2ban.nix b/sys/net/fail2ban.nix
new file mode 100644
index 0000000..6dbacd1
--- /dev/null
+++ b/sys/net/fail2ban.nix
@@ -0,0 +1,31 @@
+{ lib, config, pkgs, ... }:
+with lib; let
+  cfg = config.local.net.fail2ban;
+in
+{
+  options.local.net.fail2ban = {
+    enable = mkEnableOption "fal2ban";
+  };
+
+  config = mkIf cfg.enable {
+    services.fail2ban = {
+      enable = true;
+
+      bantime = "10m";
+
+      bantime-increment = {
+        enable = true;
+
+        maxtime = "48h";
+        rndtime = "10m";
+        overalljails = true;
+      };
+
+      #TODO: No quemar
+      ignoreIP = [
+        "10.34.0.0/16"
+        "167.114.128.142"
+      ];
+    };
+  };
+}