From 910506d3e42783e247c021badda90f295789a34d Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Mon, 3 Jan 2022 14:34:57 +0800
Subject: [PATCH] nixbld: enable fail2ban
---
 nixbld-etc-nixos/configuration.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 5947719e..6701784e 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -45,6 +45,15 @@ in
 ];
 security.apparmor.enable = true;
+ services.fail2ban.enable = true;
+ services.fail2ban.maxretry = 9;
+ services.fail2ban.bantime-increment.enable = true;
+ services.fail2ban.jails.sshd =
+ ''
+ enabled = true
+ filter = sshd
+ action = iptables-allports
+ '';
 networking = {
 hostName = "nixbld";
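Review bot: The new sshd jail bans with `iptables-allports` while `bantime-increment` is enabled, but no `services.fail2ban.ignoreIP` is set. Nine failed logins from a legitimate address (a mistyped password, a misconfigured automation job) would therefore cut that address off from every port on nixbld, for a ban that grows on each repeat. Consider adding `services.fail2ban.ignoreIP = [ "<trusted-admin-cidr>" ];` next to the other fail2ban options, where the value is a placeholder for the management network. A one-line comment above `maxretry = 9` and the jail, saying why the threshold is 9 and why the ban covers all ports rather than only the SSH port, would help the next maintainer, since the hunk gives no reason for either. The enclosing attribute set starts and ends outside the hunk, so an allowlist or the SSH authentication settings may already exist elsewhere in the file.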