depot/modules/fail2ban/default.nix

{ config, depot, ... }:
{
  services.fail2ban = {
    enable = true;
    banaction = "iptables-multiport[blocktype=DROP]";
    jails.sshd = ''
      enabled = true
      port = 22
      mode = aggressive
    '';
    ignoreIP = [
      "10.0.0.0/8"
      depot.reflection.interfaces.primary.addr
    ];
    bantime-increment = {
      enable = true;
      maxtime = "48h";
    };
  };
}
modules: use new hosts style 2023-03-07 02:25:57 +02:00			`{ config, depot, ... }:`
modules/fail2ban: init 2021-10-16 15:31:10 +03:00			`{`
			`services.fail2ban = {`
			`enable = true;`
modules/fail2ban: DROP 2022-05-16 20:39:04 +03:00			`banaction = "iptables-multiport[blocktype=DROP]";`
modules/fail2ban: init 2021-10-16 15:31:10 +03:00			`jails.sshd = ''`
			`enabled = true`
			`port = 22`
			`mode = aggressive`
			`'';`
modules/fail2ban: ignore own and internal IPs 2022-05-16 20:21:31 +03:00			`ignoreIP = [`
			`"10.0.0.0/8"`
modules: use new hosts style 2023-03-07 02:25:57 +02:00			`depot.reflection.interfaces.primary.addr`
modules/fail2ban: ignore own and internal IPs 2022-05-16 20:21:31 +03:00			`];`
modules/fail2ban: global dynamic bantime 2022-05-17 11:40:35 +03:00			`bantime-increment = {`
			`enable = true;`
modules/fail2ban: increase maxtime to 48h 2022-05-18 02:22:35 +03:00			`maxtime = "48h";`
modules/fail2ban: global dynamic bantime 2022-05-17 11:40:35 +03:00			`};`
modules/fail2ban: init 2021-10-16 15:31:10 +03:00			`};`
			`}`