25 lines
560 B
Nix
25 lines
560 B
Nix
{ pkgs, ... }:
|
|
{
|
|
config = {
|
|
services.fail2ban = {
|
|
enable = true;
|
|
|
|
extraPackages = with pkgs; [ nftables ];
|
|
maxretry = 5;
|
|
bantime = "10m";
|
|
ignoreIP = [
|
|
"100.64.0.0/16" # Tailscale
|
|
];
|
|
|
|
banaction = "nftables-multiport";
|
|
banaction-allports = "nftables-allports";
|
|
|
|
bantime-increment = {
|
|
enable = true;
|
|
multipliers = "2 8 32 128 512 2048";
|
|
maxtime = "2400h"; # 100 days
|
|
overalljails = true; # Calculate the bantime based on all the violations
|
|
};
|
|
};
|
|
};
|
|
}
|