fail2ban

2025-03-04 00:43:56 +01:00 · 2025-03-04 00:43:56 +01:00 · 659014a05f
parent bb3fd6ee57
commit 659014a05f
2 changed files with 25 additions and 2 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -7,6 +7,7 @@
    ./services/jellyfin.nix
    ./services/website.nix
    ./services/mailserver.nix
+    ./services/fail2ban.nix
    ./services/misc.nix

    ./modules/git.nix
--- a/services/fail2ban.nix
+++ b/services/fail2ban.nix
@ -1,4 +1,26 @@
-{...}:
-{
+{config, ...}: {
+  services.fail2ban = {
+    enable = true;

+    jails = {
+      dovecot = lib.mkIf config.services.dovecot2.enable {
+        settings = {
+          # block IPs which failed to log-in
+          # aggressive mode add blocking for aborted connections
+          filter = "dovecot[mode=aggressive]";
+          maxretry = 3;
+        };
+      };
+
+      jellyfin = lib.mkIf config.services.jellyfin.enable {
+        backend = "auto";
+        enabled = true;
+        port = [80 443];
+        maxretry = 3;
+        bantime = 86400;
+        findtime = 43200;
+        logpath = "/var/lib/jellyfin/log/*.log";
+      };
+    };
+  };
 }