feat(knights): add fail2ban · 74k1.sh/tix@1d46048

74k1.sh / tix

fork

(T)im's N(ix) Flake, Multi-Host Configurations for all of my machines! 74k1.sh/

nixos nix

fork

feat(knights): add fail2ban

74k1 2 months ago 1d460480 d336cc9b

+14 -3

1 changed file

expand all

hosts

nixos

knights

configuration.nix

+14 -3

hosts/nixos/knights/configuration.nix

··· 27 27 inputs.agenix.nixosModules.default 28 28 inputs.agenix-rekey.nixosModules.default 29 29 30 - # fail2ban 30 + fail2ban 31 31 vector 32 32 33 33 anubis ··· 59 59 localStorageDir = "${inputs.self}/secrets/rekeyed/${config.networking.hostName}"; 60 60 }; 61 61 62 + services.fail2ban.jails = { 63 + sshd.settings = { 64 + enabled = true; 65 + port = "ssh"; 66 + filter = "sshd[mode=agressive]"; 67 + maxretry = 1; 68 + bantime = "1h"; 69 + }; 70 + }; 71 + 62 72 networking = { 63 73 hostName = "knights"; # Define your hostname. 64 74 networkmanager.enable = true; ··· 70 80 443 71 81 2202 72 82 2277 83 + 25565 73 84 51820 74 85 ]; 75 86 allowedTCPPorts = [ 87 + 22 76 88 80 77 89 443 78 90 2202 79 91 2277 80 - 51820 81 - 22 92 + 25565 82 93 ]; # Added port 22 for Forgejo SSH 83 94 }; 84 95 useNetworkd = true;

Configure Feed

Configure Feed