machines/magenta: add fail2ban module ssh+gitea
parent
792007ac4f
commit
cdc8e5fbd2
2 changed files with 20 additions and 2 deletions
|
@ -7,9 +7,11 @@ in
|
|||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.nix # generated at runtime by nixos-infect
|
||||
|
||||
../modules/common.nix
|
||||
../modules/nix.nix
|
||||
../modules/nginx.nix
|
||||
|
||||
./services/mailserver.nix
|
||||
./services/gitea.nix
|
||||
];
|
||||
|
@ -25,4 +27,6 @@ in
|
|||
acceptTerms = true;
|
||||
defaults.email = "dmitriy@pleshevski.ru";
|
||||
};
|
||||
|
||||
services.fail2ban.enable = true;
|
||||
}
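Review bot: `services.fail2ban.enable = true;` at the end of this file turns the service on with module defaults only and sets no allowlist, so the operator's own address can be banned like any other. The gitea jail in the second file uses `action = iptables-allports`, so a ban triggered by failed web logins would presumably also block SSH from that address for the ban period. Consider adding `services.fail2ban.ignoreIP = [ "<ADMIN_ADDRESS_PLACEHOLDER>" ];` next to the enable line. The commit title mentions ssh, but no ssh jail is configured in the visible lines, so that part relies on whatever the module enables by default; a comment such as `# sshd jail comes from the module default; gitea jail is in ./services/gitea.nix` would record this. The attribute set starts above the hunk.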
|
||||
|
|
|
@ -33,7 +33,7 @@ in
|
|||
lfs.enable = true;
|
||||
settings = {
|
||||
log = {
|
||||
LEVEL = "Debug";
|
||||
LEVEL = "Info";
|
||||
ENABLE_SSH_LOG = true;
|
||||
};
|
||||
database = {
|
||||
|
@ -41,7 +41,6 @@ in
|
|||
LOG_SQL = false;
|
||||
};
|
||||
server = {
|
||||
DISABLE_ROUTER_LOG = true;
|
||||
LANDING_PAGE = "explore";
|
||||
};
|
||||
service = {
|
||||
|
@ -116,4 +115,19 @@ in
|
|||
owner = config.services.gitea.user;
|
||||
group = "gitea";
|
||||
};
|
||||
|
||||
services.fail2ban.jails.gitea = ''
|
||||
enabled = true
|
||||
filter = gitea
|
||||
findtime = 3600
|
||||
bantime = 900
|
||||
action = iptables-allports
|
||||
'';
|
||||
|
||||
environment.etc."fail2ban/filter.d/gitea.conf".source = pkgs.writeText "gitea.conf" ''
|
||||
[Definition]
|
||||
failregex = .*Failed authentication attempt for .* from <HOST>
|
||||
ignoreregex =
|
||||
journalmatch = _SYSTEMD_UNIT=gitea.service
|
||||
'';
|
||||
}
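Review bot: The `gitea` filter bans whatever address Gitea logs after `from` in the `Failed authentication attempt` line, and this machine also imports `../modules/nginx.nix`. If Gitea is served through that proxy without being told to trust the forwarded client address, the logged host would be the proxy's own (typically loopback), and the jail would never ban a real client. The proxy and Gitea `[security]` settings are outside the visible hunks, so confirm that `REVERSE_PROXY_TRUSTED_PROXIES` covers the nginx address and that nginx forwards the client address. The `failregex` is also open on both sides (`.*` before the message and `.*` in the user-name position) while the user name is client-supplied text; tightening it so `<HOST>` can only match where Gitea writes the remote address, with a comment above the filter quoting the expected log line, would stop log content from influencing which host is matched. The jail sets no `maxretry`, so the threshold comes from a default; stating it explicitly, e.g. `maxretry = 5`, keeps the policy readable in one place.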
|
||||
|
|