add git.ingolf-wagner.de errors
This commit is contained in:
parent
701b55c2fb
commit
49b5665f77
1 changed files with 27 additions and 20 deletions
|
@ -6,26 +6,33 @@ with lib;
|
|||
default = false;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.network.fail2ban.enable) {
|
||||
|
||||
environment.systemPackages = [ pkgs.fail2ban ];
|
||||
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
|
||||
jails = {
|
||||
# fixme: can't use, because I changed the nginx log format
|
||||
#nginx-bad-request.settings = {
|
||||
# port = "http,https";
|
||||
# logpath = "%(nginx_error_log)s";
|
||||
#};
|
||||
# fixme: can't use, because I changed the nginx log format
|
||||
#nginx-botsearch.settings = {
|
||||
# port = "http,https";
|
||||
# logpath = "%(nginx_error_log)s";
|
||||
#};
|
||||
config = mkMerge [
|
||||
(mkIf config.components.network.fail2ban.enable {
|
||||
environment.systemPackages = [ pkgs.fail2ban pkgs.ipset ];
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
jails = { };
|
||||
};
|
||||
};
|
||||
})
|
||||
|
||||
# custom defined jails
|
||||
# --------------------
|
||||
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
|
||||
(mkIf config.components.network.fail2ban.enable {
|
||||
services.fail2ban.jails.nginx-git-ingolf-wagner-de.settings = {
|
||||
port = "http,https";
|
||||
logpath = "%(nginx_error_log)s";
|
||||
};
|
||||
environment.etc = {
|
||||
# Defines a filter that detects URL probing by reading the Nginx access log
|
||||
"fail2ban/filter.d/nginx-git-ingolf-wagner-de.local".text = ''
|
||||
[Definition]
|
||||
failregex = src_addr="<HOST>".*response_statu="404".*host="git\.ingolf-wagner\.de"
|
||||
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|
||||
'';
|
||||
};
|
||||
})
|
||||
|
||||
];
|
||||
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue