add git.ingolf-wagner.de errors

This commit is contained in:
Ingolf Wagner 2024-06-15 23:52:21 +02:00
parent 701b55c2fb
commit 49b5665f77
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B

View file

@ -6,26 +6,33 @@ with lib;
default = false;
};
config = mkIf (config.components.network.fail2ban.enable) {
environment.systemPackages = [ pkgs.fail2ban ];
config = mkMerge [
(mkIf config.components.network.fail2ban.enable {
environment.systemPackages = [ pkgs.fail2ban pkgs.ipset ];
services.fail2ban = {
enable = true;
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
jails = {
# fixme: can't use, because I changed the nginx log format
#nginx-bad-request.settings = {
# port = "http,https";
# logpath = "%(nginx_error_log)s";
#};
# fixme: can't use, because I changed the nginx log format
#nginx-botsearch.settings = {
# port = "http,https";
# logpath = "%(nginx_error_log)s";
#};
};
jails = { };
};
})
# custom defined jails
# --------------------
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
(mkIf config.components.network.fail2ban.enable {
services.fail2ban.jails.nginx-git-ingolf-wagner-de.settings = {
port = "http,https";
logpath = "%(nginx_error_log)s";
};
environment.etc = {
# Defines a filter that detects URL probing by reading the Nginx access log
"fail2ban/filter.d/nginx-git-ingolf-wagner-de.local".text = ''
[Definition]
failregex = src_addr="<HOST>".*response_statu="404".*host="git\.ingolf-wagner\.de"
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
'';
};
})
];
}