caandt/nix-conf
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fail2ban

Browse source
This commit is contained in:
caandt 2024-12-29 23:06:18 -05:00
parent dc493d1ac1
commit 56dc8655f8
1 changed files with 19 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
hosts/mikan/config.nix
View file

@ -9,7 +9,23 @@
};
};
networking.firewall.allowedTCPPorts = [2291 80 443];
services.fail2ban.enable = true;
services.fail2ban = {
enable = true;
jails = {
"nginx".settings = {
filter = "nginx-4";
logpath = "/var/log/nginx/access.log";
backend = "auto";
maxretry = 8;
bantime = 600;
findtime = 120;
};
};
};
environment.etc."fail2ban/filter.d/nginx-4.conf".text = ''
[Definition]
failregex = ^<HOST> - - \[.*\] \".*\" (4..).+$
'';
services.qemuGuest.enable = true;
services.forgejo = {
enable = true;
@ -44,7 +60,7 @@
useACMEHost = "twoha.cc";
forceSSL = true;
serverName = "twoha.cc";
locations."/".return = 502;
locations."/".return = 401;
};
virtualHosts."u.twoha.cc" = {
useACMEHost = "twoha.cc";
@ -77,7 +93,7 @@
useACMEHost = "twoha.cc";
serverName = "*.twoha.cc";
forceSSL = true;
locations."/".return = 502;
locations."/".return = 401;
};
virtualHosts."g.twoha.cc" = {
forceSSL = true;