enable fail2ban instead of sshguard
This commit is contained in:
parent
03b6ee17c2
commit
470c8d32c7
3 changed files with 35 additions and 0 deletions
|
@ -11,6 +11,7 @@ with types;
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
#./avahi.nix
|
#./avahi.nix
|
||||||
|
./fail2ban.nix
|
||||||
./hosts.nix
|
./hosts.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./sshd
|
./sshd
|
||||||
|
|
31
components/network/fail2ban.nix
Normal file
31
components/network/fail2ban.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
with lib;
|
||||||
|
{
|
||||||
|
options.components.network.fail2ban.enable = mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf (config.components.network.fail2ban.enable) {
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.fail2ban ];
|
||||||
|
|
||||||
|
services.fail2ban = {
|
||||||
|
enable = true;
|
||||||
|
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
|
||||||
|
jails = {
|
||||||
|
# fixme: can't use, because I changed the nginx log format
|
||||||
|
#nginx-bad-request.settings = {
|
||||||
|
# port = "http,https";
|
||||||
|
# logpath = "%(nginx_error_log)s";
|
||||||
|
#};
|
||||||
|
# fixme: can't use, because I changed the nginx log format
|
||||||
|
#nginx-botsearch.settings = {
|
||||||
|
# port = "http,https";
|
||||||
|
# logpath = "%(nginx_error_log)s";
|
||||||
|
#};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
|
@ -41,6 +41,9 @@
|
||||||
components.network.nginx.landingpage.enable = false;
|
components.network.nginx.landingpage.enable = false;
|
||||||
components.network.wifi.enable = false;
|
components.network.wifi.enable = false;
|
||||||
|
|
||||||
|
components.network.fail2ban.enable = true; # fixme: not really working at the moment
|
||||||
|
components.network.sshd.sshguard.enable = false;
|
||||||
|
|
||||||
components.monitor.enable = true;
|
components.monitor.enable = true;
|
||||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
|
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
|
||||||
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
|
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
|
||||||
|
|
Loading…
Reference in a new issue