Diffstat (limited to 'sys/net/fail2ban.nix')
| -rw-r--r-- | sys/net/fail2ban.nix | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/sys/net/fail2ban.nix b/sys/net/fail2ban.nix
new file mode 100644
index 0000000..32197b6
--- /dev/null
+++ b/sys/net/fail2ban.nix
@@ -0,0 +1,37 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.net.fail2ban;
+ inherit (config.local) nets;
+in {
+ options.local.net.fail2ban = {
+ enable = mkEnableOption "fail2ban";
+ };
+
+ config = mkIf cfg.enable {
+ services.fail2ban = {
+ enable = true;
+
+ bantime = "10m";
+
+ bantime-increment = {
+ enable = true;
+
+ maxtime = "48h";
+ rndtime = "10m";
+ overalljails = true;
+ };
+
+ ignoreIP = [
+ nets.static-vpn.v6.cidr
+ nets.gate-srv.v6.cidr
+ nets.gate-public.hosts.gate.v4.address
+ nets.gate-public.hosts.gate.v6.address
+ ];
+ };
+ };
+}
|
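Review bot: The `ignoreIP` list at the end of `services.fail2ban` exempts two whole IPv6 ranges (`nets.static-vpn.v6.cidr`, `nets.gate-srv.v6.cidr`) and both public addresses of `gate` with no comment saying why, so a reader cannot tell whether each exemption is still needed. Authentication failures from those sources are never counted, so services on this host need their own rate limiting or alerting for them; if `gate` proxies or NATs outside traffic (not visible here), that traffic would be exempt as well. Only the v6 CIDRs of the two networks are listed, so if they also carry IPv4 the v4 side stays bannable, which may or may not be intended. I would add a comment above the list such as `# never banned: VPN and service nets, plus gate's own addresses; failed logins from these are not rate-limited by fail2ban`. `pkgs` is also taken as a module argument but is not used in this file.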
