hosts/losurdo/fail2ban.nix

   1 { pkgs, hosts, ... }:
   2 {
   3   imports = [
   4     ../../nixos/profiles/services/fail2ban.nix
   5   ];
   6   services.fail2ban = {
   7     enable = true;
   8     ignoreIP = [
   9       #"0.0.0.0/8"
  10       #"10.0.0.0/8"
  11       "127.0.0.0/8"
  12       #"169.254.0.0/16"
  13       #"172.16.0.0/12"
  14       #"192.0.2.0/24"
  15       "192.168.0.0/16"
  16       #"224.0.0.0/3"
  17       #"240.0.0.0/5"
  18       hosts.mermet._module.args.ipv4
  19       "losurdo.sourcephile.fr"
  20     ];
  21     jails = {
  22       sshd.settings = {
  23         enabled = true;
  24         bantime = "5m";
  25         findtime = "1d";
  26         maxretry = "1";
  27         mode = "aggressive";
  28       };
  29       postgresql.settings = {
  30         enabled = true;
  31         bantime = "1m";
  32         filter = "postgresql";
  33         findtime = "1d";
  34         port = 5432;
  35       };
  36     };
  37   };
  38 }