depot/modules/fail2ban/default.nix
2022-05-16 19:39:04 +02:00


# NixOS module: turns on fail2ban with a single sshd jail and a fixed
# allow-list of addresses that are never banned.
{ config, hosts, ... }:
let
  # Primary-interface address of the machine being built, looked up in the
  # `hosts` module argument under this machine's own hostName.
  ownAddress = hosts.${config.networking.hostName}.interfaces.primary.addr;
in
{
  services.fail2ban.enable = true;

  # Bans use the iptables-multiport action with blocktype=DROP: packets from a
  # banned source are dropped rather than rejected with an ICMP error.
  services.fail2ban.banaction = "iptables-multiport[blocktype=DROP]";

  # sshd jail, written as raw jail.conf lines.
  # `mode = aggressive` selects the sshd filter's widest match set.
  # NOTE(review): the port is hard-coded to 22; it has to agree with the port
  # sshd actually listens on (services.openssh.ports), which is not visible
  # here - confirm.
  services.fail2ban.jails.sshd = ''
    enabled = true
    port = 22
    mode = aggressive
  '';

  # Sources fail2ban never bans.
  # NOTE(review): 10.0.0.0/8 exempts the entire private /8, so repeated failed
  # SSH logins from any host in that range (for example a compromised internal
  # machine) will not trigger a ban. Narrow this to the management subnets or
  # hosts that really need the exemption, and rely on sshd-side controls
  # (key-only authentication, MaxAuthTries) for the ranges that stay exempt.
  services.fail2ban.ignoreIP = [
    "10.0.0.0/8"
    ownAddress
  ];
}