Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

server: fail2ban: add gitea

Browse Source
This commit is contained in:
Kabbone 2023-05-19 11:53:18 +02:00
parent 2b15b48678
commit 7ad7712610
Signed by: Kabbone
SSH Key Fingerprint: SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
hosts/configuration_server.nix
View File

@ -13,6 +13,8 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
[ [
#../modules/editors/nvim # ! Comment this out on first install ! #../modules/editors/nvim # ! Comment this out on first install !
@ -72,6 +74,8 @@
TERMINAL = "alacritty"; TERMINAL = "alacritty";
EDITOR = "nvim"; EDITOR = "nvim";
VISUAL = "nvim"; VISUAL = "nvim";
etc = {
"etc/fail2ban/filter.d/gitea.conf".source = ../modules/services/server/fail2ban/filter/gitea.conf;
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [ # Default packages install system-wide
vim vim
@ -107,6 +111,19 @@
}; };
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5;
jails = {
gitea = ''
enabled = true
filter = gitea
backend = systemd
maxretry = 10
findtime = 3600
bantime = 900
action = iptables-allports
filter = gitea
'';
};
}; };
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up #flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up

3
modules/services/server/fail2ban/filter/gitea.conf Normal file
View File

@ -0,0 +1,3 @@
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =