From 7ad7712610ba1d57cd2a5a73ceb429dd25b15388 Mon Sep 17 00:00:00 2001
From: Kabbone
Date: Fri, 19 May 2023 11:53:18 +0200
Subject: [PATCH] server: fail2ban: add gitea
---
 hosts/configuration_server.nix | 17 +++++++++++++++++
 .../services/server/fail2ban/filter/gitea.conf | 3 +++
 2 files changed, 20 insertions(+)
 create mode 100644 modules/services/server/fail2ban/filter/gitea.conf
diff --git a/hosts/configuration_server.nix b/hosts/configuration_server.nix
index 68186b7..2efdf67 100644
--- a/hosts/configuration_server.nix
+++ b/hosts/configuration_server.nix
@@ -13,6 +13,8 @@
 { config, lib, pkgs, inputs, user, location, agenix, ... }:
 {
+
+
 imports = # Import window or display manager.
 [
 #../modules/editors/nvim # ! Comment this out on first install !
@@ -72,6 +74,8 @@
 TERMINAL = "alacritty";
 EDITOR = "nvim";
 VISUAL = "nvim";
+ etc = {
+ "etc/fail2ban/filter.d/gitea.conf".source = ../modules/services/server/fail2ban/filter/gitea.conf;
 };
 systemPackages = with pkgs; [ # Default packages install system-wide
 vim
@@ -107,6 +111,19 @@
 };
 fail2ban = {
 enable = true;
+ maxretry = 5;
+ jails = {
+ gitea = ''
+ enabled = true
+ filter = gitea
+ backend = systemd
+ maxretry = 10
+ findtime = 3600
+ bantime = 900
+ action = iptables-allports
+ filter = gitea
+ '';
+ };
 };
 #flatpak.enable = true; # download flatpak file from website - sudo flatpak install - reboot if not showing up
diff --git a/modules/services/server/fail2ban/filter/gitea.conf b/modules/services/server/fail2ban/filter/gitea.conf
new file mode 100644
index 0000000..bd0f976
--- /dev/null
+++ b/modules/services/server/fail2ban/filter/gitea.conf
@@ -0,0 +1,3 @@
+[Definition]
+failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
+ignoreregex =
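Review bot: The key `"etc/fail2ban/filter.d/gitea.conf"` added under `etc = {` carries a leading `etc/`; assuming this is `environment.etc`, whose names are already relative to `/etc`, the filter would be installed as `/etc/etc/fail2ban/filter.d/gitea.conf` and the jail's `filter = gitea` would not resolve, so the entry should read `"fail2ban/filter.d/gitea.conf".source = ../modules/services/server/fail2ban/filter/gitea.conf;`. Separately, `etc = {` opens directly after `VISUAL = "nvim";` and the only `};` that follows is the pre-existing context line. If those three settings sit inside a `variables = { … }` set (it starts outside the hunk, and indentation is lost in this view), that set is no longer closed and a `};` is needed before `etc = {`. Either problem leaves the Gitea login path without the ban this commit intends, so `fail2ban-client status gitea` is worth checking after the rebuild.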
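Review bot: The gitea jail selects `backend = systemd`, but neither the jail body nor the new gitea.conf restricts which journal entries are read, so a line from any unit that contains one of the three phrases would count toward a ban. Adding `journalmatch = _SYSTEMD_UNIT=gitea.service` to the filter's `[Definition]` (unit name to be confirmed on this host) scopes matching to Gitea's own log output, which also has to reach the journal for this backend to see anything. `filter = gitea` is listed twice in the jail body; the second occurrence can be dropped. The set enclosing `fail2ban` starts outside the hunk, so any other jails or a global ban action are not visible here.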
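Review bot: As shown in this patch the `failregex` ends at `from` with no host tag, and fail2ban needs `<HOST>` (or an equivalent address group) in a failregex to know which address to ban. If that is what was committed rather than something lost in rendering, the line should end `.* from <HOST>`. The pattern is also unanchored, with `.*` on both sides of text that includes the attempted user name, so the address it captures depends partly on content the client supplies. Anchoring the tail of the expression to the exact form Gitea logs after the address would tie the ban to the connection's real source.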