forked from M-Labs/it-infra
nixbld: enable fail2ban
This commit is contained in:
parent
ec7e9209f5
commit
910506d3e4
|
@ -45,6 +45,15 @@ in
|
|||
];
|
||||
|
||||
security.apparmor.enable = true;
|
||||
services.fail2ban.enable = true;
|
||||
services.fail2ban.maxretry = 9;
|
||||
services.fail2ban.bantime-increment.enable = true;
|
||||
services.fail2ban.jails.sshd =
|
||||
''
|
||||
enabled = true
|
||||
filter = sshd
|
||||
action = iptables-allports
|
||||
'';
|
||||
|
||||
networking = {
|
||||
hostName = "nixbld";
|
||||
|
|
Loading…
Reference in New Issue