losurdo: docker: enable service
[sourcephile-nix.git] / hosts / mermet / fail2ban.nix
index 01e83189c3fceeab593faa20a85ad40c9b9ee16d..e99c30733fb2360715e0b9f4e5650e3d6ea347db 100644 (file)
@@ -1,49 +1,37 @@
-{ pkgs, hosts, ... }:
+{ hosts, ... }:
 {
-  services.openssh.logLevel = "VERBOSE";
-  /*
-    systemd.services.nftables.postStart = ''
-    systemctl reload fail2ban
-    '';
-  */
+  imports = [
+    ../../nixos/profiles/services/fail2ban.nix
+  ];
   services.fail2ban = {
     enable = true;
-    banaction = "nftables-multiport";
-    banaction-allports = "nftables-allports";
-    bantime-increment = {
-      enable = true;
-      factor = "1";
-      formula = "ban.Time * (1 << min(ban.Count, 20)) * banFactor";
-      maxtime = "1y";
-      multipliers = "";
-      overalljails = false;
-      rndtime = "";
-    };
-    packageFirewall = pkgs.nftables;
     ignoreIP = [
       hosts.mermet._module.args.ipv4
       "losurdo.sourcephile.fr"
     ];
     jails = {
-      DEFAULT = ''
-    '';
-      sshd = ''
-        enabled = true
-        bantime = 5m
-        findtime = 1d
-        maxretry = 1
-        mode = aggressive
-      '';
-      postfix = ''
-        enabled = true
-        bantime = 5m
-        findtime = 1d
-        mode = aggressive
-      '';
+      sshd.settings = {
+        enabled = true;
+        bantime = "5m";
+        findtime = "1d";
+        maxretry = "1";
+        mode = "aggressive";
+      };
+      postfix.settings = {
+        enabled = true;
+        bantime = "5m";
+        filter = "postfix";
+        findtime = "10d";
+        mode = "aggressive";
+        port = 465;
+      };
+      postgresql.settings = {
+        enabled = true;
+        bantime = "5m";
+        filter = "postgresql";
+        findtime = "1d";
+        port = 5432;
+      };
     };
   };
-  environment.etc."fail2ban/action.d/nftables-common.local".text = ''
-    [Init]
-    blocktype = drop
-  '';
 }
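Review bot: The new postfix jail's `port = 465;` narrows the ban to smtps only, whereas the removed jail text set no port and therefore used fail2ban's default postfix port set (smtp, 465, submission); failures logged from port 25 or 587 will still trip the jail, but the resulting nftables rule will not cover those ports. Unless only 465 is exposed on mermet, restore the wider set with `port = "smtp,465,submission";` or drop the override. Separately, `services.openssh.logLevel = "VERBOSE"` is removed while the sshd jail keeps `mode = "aggressive"`; several aggressive-mode patterns are only logged at VERBOSE, so this setting should be confirmed to live in the imported profile or be re-added here. The postgresql jail also relies on `filter = "postgresql"`, which I do not believe ships with upstream fail2ban; if the imported profile does not provide it, the jail will fail to load and take the service down with it.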