treewide: Add fail2ban

2022-10-14 01:11:15 +01:00 · 2022-10-14 01:11:15 +01:00 · c4fa991b62
commit c4fa991b62
parent 325e8a0ea1
3 changed files with 63 additions and 0 deletions
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -84,5 +84,26 @@
    acceptTerms = true;
  };

+  services.fail2ban = {
+    enable = true;
+    extraPackages = [pkgs.ipset];
+    banaction = "iptables-ipset-proto6-allports";
+    bantime-increment.enable = true;
+
+    jails = {
+      nginx-botsearch = ''
+        enabled = true
+        logpath = /var/log/nginx/access.log
+      '';
+    };
+
+    ignoreIP = [
+      "127.0.0.0/8"
+      "10.0.0.0/8"
+      "172.16.0.0/12"
+      "192.168.0.0/16"
+    ];
+  };
+
  system.stateVersion = "20.09";
 }