carotte: zfs: disable

[sourcephile-nix.git] / hosts / mermet / fail2ban.nix

diff --git a/hosts/mermet/fail2ban.nix b/hosts/mermet/fail2ban.nix
index 1966cac67be256716f71410f414ec28ac27b34ea..e99c30733fb2360715e0b9f4e5650e3d6ea347db 100644 (file)
--- a/hosts/mermet/fail2ban.nix
+++ b/hosts/mermet/fail2ban.nix
@@ -1,24 +1,10 @@
-{ pkgs, hosts, ... }:
+{ hosts, ... }:
 {
-  services.openssh.settings.LogLevel = "VERBOSE";
-  /*
-    systemd.services.nftables.postStart = ''
-    systemctl reload fail2ban
-    '';
-  */
+  imports = [
+    ../../nixos/profiles/services/fail2ban.nix
+  ];
   services.fail2ban = {
     enable = true;
-    banaction = "nftables-multiport";
-    banaction-allports = "nftables-allports";
-    bantime-increment = {
-      enable = true;
-      factor = "1";
-      formula = "ban.Time * (1 << min(ban.Count, 20)) * banFactor";
-      maxtime = "1y";
-      overalljails = false;
-      rndtime = "";
-    };
-    packageFirewall = pkgs.nftables;
     ignoreIP = [
       hosts.mermet._module.args.ipv4
       "losurdo.sourcephile.fr"
@@ -35,7 +21,7 @@
         enabled = true;
         bantime = "5m";
         filter = "postfix";
-        findtime = "1d";
+        findtime = "10d";
         mode = "aggressive";
         port = 465;
       };
@@ -48,8 +34,4 @@
       };
     };
   };
-  environment.etc."fail2ban/action.d/nftables-common.local".text = ''
-    [Init]
-    blocktype = drop
-  '';
 }