enable fail2ban instead of sshguard
This commit is contained in:
parent
03b6ee17c2
commit
470c8d32c7
3 changed files with 35 additions and 0 deletions
|
@ -11,6 +11,7 @@ with types;
|
|||
|
||||
imports = [
|
||||
#./avahi.nix
|
||||
./fail2ban.nix
|
||||
./hosts.nix
|
||||
./nginx.nix
|
||||
./sshd
|
||||
|
|
31
components/network/fail2ban.nix
Normal file
31
components/network/fail2ban.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.network.fail2ban.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.network.fail2ban.enable) {
|
||||
|
||||
environment.systemPackages = [ pkgs.fail2ban ];
|
||||
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
|
||||
jails = {
|
||||
# fixme: can't use, because I changed the nginx log format
|
||||
#nginx-bad-request.settings = {
|
||||
# port = "http,https";
|
||||
# logpath = "%(nginx_error_log)s";
|
||||
#};
|
||||
# fixme: can't use, because I changed the nginx log format
|
||||
#nginx-botsearch.settings = {
|
||||
# port = "http,https";
|
||||
# logpath = "%(nginx_error_log)s";
|
||||
#};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -41,6 +41,9 @@
|
|||
components.network.nginx.landingpage.enable = false;
|
||||
components.network.wifi.enable = false;
|
||||
|
||||
components.network.fail2ban.enable = true; # fixme: not really working at the moment
|
||||
components.network.sshd.sshguard.enable = false;
|
||||
|
||||
components.monitor.enable = true;
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
|
||||
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
|
||||
|
|
Loading…
Reference in a new issue