Diffstat (limited to 'sys/web')
| -rw-r--r-- | sys/web/nginx.nix | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/sys/web/nginx.nix b/sys/web/nginx.nix
index a971eb2..303ab4e 100644
--- a/sys/web/nginx.nix
+++ b/sys/web/nginx.nix
@@ -14,19 +14,40 @@ in
 };

 config = mkIf cfg.enable {
- services.nginx = {
- enable = true;
+ services = {
+ fail2ban.jails = {
+ # https://discourse.nixos.org/t/fail2ban-with-nginx-and-authelia/31419
+ nginx-botsearch.settings = {
+ # Usar log en vez de journalctl
+ # TODO: Pasar todo a systemd?
+ backend = "pyinotify";
+ logpath = "/var/log/nginx/*.log";
+ journalmatch = "";
+ };

- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
+ nginx-bad-request.settings = {
+ backend = "pyinotify";
+ logpath = "/var/log/nginx/*.log";
+ journalmatch = "";

- sslDhparam = config.security.dhparams.params.nginx.path;
+ maxretry = 10;
+ };
+ };

- clientMaxBodySize = "42M";
+ nginx = {
+ enable = true;

- virtualHosts = { };
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ sslDhparam = config.security.dhparams.params.nginx.path;
+
+ clientMaxBodySize = "42M";
+
+ virtualHosts = { };
+ };
 };

 local.certs = listToAttrs (map |
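Review bot: The two jails added under `fail2ban.jails` only take effect if `services.fail2ban.enable` is set, and nothing in this hunk sets or checks it, so with fail2ban disabled elsewhere the nginx host would silently run without the bans this change intends. I would at least record the dependency next to the jails, e.g. `# requires services.fail2ban.enable = true (set outside this module)`, or add an entry to the module's `assertions` so evaluation fails when it is missing. Separately, both jails watch `/var/log/nginx/*.log`, which matches every log file in that directory rather than only the access log the request-based filters are presumably written for; naming the file explicitly would make the matched input predictable. The `backend`/`logpath`/`journalmatch` triple is repeated verbatim in both jails and could live in one `let` binding. The `config = mkIf cfg.enable { … }` block continues past the end of the hunk.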
