nixbld: enable fail2ban

2022-01-03 14:34:57 +08:00 · 2022-01-03 14:34:57 +08:00 · 910506d3e4
parent ec7e9209f5
commit 910506d3e4
1 changed files with 9 additions and 0 deletions
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@ -45,6 +45,15 @@ in
  ];
  security.apparmor.enable = true;
  services.fail2ban.enable = true;
  services.fail2ban.maxretry = 9;
  services.fail2ban.bantime-increment.enable = true;
  services.fail2ban.jails.sshd =
    ''
    enabled = true
    filter = sshd
    action = iptables-allports
    '';
  networking = {
    hostName = "nixbld";