From 66d7dd6efe49d1b3c257018f49c3c84df9c0b398 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Mon, 25 Jul 2022 18:33:24 +0800
Subject: [PATCH] nixbld: enable more fail2ban filters

---
 nixbld-etc-nixos/configuration.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 16c35c8..eba5637 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -59,6 +59,30 @@ in
     filter = sshd
     action = iptables-allports
     '';
+  services.fail2ban.jails.nginx-botsearch =
+    ''
+    enabled = true
+    filter = nginx-botsearch
+    action = iptables-allports
+    '';
+  services.fail2ban.jails.nginx-limit-req =
+    ''
+    enabled = true
+    filter = nginx-limit-req
+    action = iptables-allports
+    '';
+  services.fail2ban.jails.postfix =
+    ''
+    enabled = true
+    filter = postfix
+    action = iptables-allports
+    '';
+  services.fail2ban.jails.dovecot =
+    ''
+    enabled = true
+    filter = dovecot
+    action = iptables-allports
+    '';
 
   networking = {
     hostName = "nixbld";