hosts/mermet/fail2ban.nix

   1 { hosts, ... }:
   2 {
   3   imports = [
   4     ../../nixos/profiles/services/fail2ban.nix
   5   ];
   6   services.fail2ban = {
   7     enable = true;
   8     ignoreIP = [
   9       hosts.mermet._module.args.ipv4
  10       "losurdo.sourcephile.fr"
  11     ];
  12     jails = {
  13       sshd.settings = {
  14         enabled = true;
  15         bantime = "5m";
  16         findtime = "1d";
  17         maxretry = "1";
  18         mode = "aggressive";
  19       };
  20       postfix.settings = {
  21         enabled = true;
  22         bantime = "5m";
  23         filter = "postfix";
  24         findtime = "10d";
  25         mode = "aggressive";
  26         port = 465;
  27       };
  28       postgresql.settings = {
  29         enabled = true;
  30         bantime = "5m";
  31         filter = "postgresql";
  32         findtime = "1d";
  33         port = 5432;
  34       };
  35     };
  36   };
  37 }