
2 Commits

Author SHA1 Message Date
c17489376e
server: nextcloud: enable fail2ban 2023-06-04 15:03:12 +02:00
6059c3c0ba
server: gitea: fail2ban fix 2023-06-04 14:22:57 +02:00
4 changed files with 24 additions and 3 deletions


@ -80,6 +80,10 @@
source = ../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
systemPackages = with pkgs; [ # Default packages install system-wide
vim
@ -116,16 +120,23 @@
fail2ban = {
enable = true;
maxretry = 5;
extraSettings = {
findtime = "15m";
bantime = "1h";
};
jails = {
gitea = ''
enabled = true
filter = gitea
backend = systemd
maxretry = 10
findtime = 3600
bantime = 900
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
};
};
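Review bot: The gitea jail overrides the service-wide policy with looser values: `maxretry = 10` and `bantime = 900` against the global `maxretry = 5` and `bantime = "1h"`, so a source gets ten failures and is then banned for only 15 minutes. If that is deliberate, a comment such as `# looser than the default: <reason>` above the jail would record why; otherwise drop the three overrides so the jail inherits the defaults, as the nextcloud jail does. The nextcloud jail keys on `"remoteAddr"` in nextcloud.log, so if Nextcloud is reached through a reverse proxy (not visible here), confirm `trusted_proxies` is configured; otherwise failures would be attributed to the proxy's address and `iptables-allports` would ban it. As rendered, the nextcloud string also has no closing `'';` before the `};`, which may be a rendering loss but is worth checking in the file. The surrounding attribute set starts and ends outside this hunk.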


@ -1,3 +1,5 @@
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
#journalmatch = _SYSTEMD_UNIT=gitea.servie
journalmatch =
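Review bot: Leaving `journalmatch =` empty means the systemd-backed gitea jail applies its failregex to every unit's journal entries rather than only Gitea's. The commented-out line misspells the unit (`gitea.servie`), which is probably why the match found nothing; `journalmatch = _SYSTEMD_UNIT=gitea.service` would restore the scoping, after confirming the unit name on this host. With the filter unscoped, the unanchored `.*( … ).* from <HOST>` pattern matters more, because a line from any other service that contains one of those phrases followed by ` from <address>` would count as a Gitea failure. Anchoring the expression to Gitea's actual log prefix would narrow that further.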


@ -0,0 +1,6 @@
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
journalmatch =


@ -8,11 +8,13 @@
package = pkgs.nextcloud26;
enableBrokenCiphersForSSE = false;
database.createLocally = false;
logType = "file";
caching = {
redis = true;
apcu = false;
};
extraOptions = {
logfile = "nextcloud.log";
redis = {
host = "/run/redis-nextcloud/redis.sock";
port = 0;
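Review bot: `logfile = "nextcloud.log"` is a relative path, while the jail in this change set reads the absolute `/var/lib/nextcloud/data/nextcloud.log`, so the two are only implicitly tied together. How Nextcloud resolves a relative `logfile` is not visible here and may depend on the PHP working directory. If the log lands elsewhere, the jail would have nothing to watch and failed logins would go unbanned without any error. Setting the absolute path here, or removing the override so the data-directory default applies, would make the dependency explicit; a comment like `# path must match the fail2ban nextcloud jail's logpath` next to it would help the next editor. The `extraOptions` set continues past the end of this hunk.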