nixos-config/components/network/fail2ban.nix

{ config, lib, pkgs, ... }:
with lib;
{
  options.components.network.fail2ban.enable = mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = mkIf (config.components.network.fail2ban.enable) {

    environment.systemPackages = [ pkgs.fail2ban ];

    services.fail2ban = {
      enable = true;
      # https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
      jails = {
        # fixme: can't use, because I changed the nginx log format
        #nginx-bad-request.settings = {
        #  port = "http,https";
        #  logpath = "%(nginx_error_log)s";
        #};
        # fixme: can't use, because I changed the nginx log format
        #nginx-botsearch.settings = {
        #  port = "http,https";
        #  logpath = "%(nginx_error_log)s";
        #};
      };
    };

  };
}