1
0
Fork 0

nixbld: enable fail2ban

This commit is contained in:
Sebastien Bourdeauducq 2022-01-03 14:34:57 +08:00
parent ec7e9209f5
commit 910506d3e4
1 changed files with 9 additions and 0 deletions

View File

@ -45,6 +45,15 @@ in
]; ];
security.apparmor.enable = true; security.apparmor.enable = true;
services.fail2ban.enable = true;
services.fail2ban.maxretry = 9;
services.fail2ban.bantime-increment.enable = true;
services.fail2ban.jails.sshd =
''
enabled = true
filter = sshd
action = iptables-allports
'';
networking = { networking = {
hostName = "nixbld"; hostName = "nixbld";