From 659014a05f60f124724b5b64e4e895ab6356a05d Mon Sep 17 00:00:00 2001
From: baritone
Date: Tue, 4 Mar 2025 00:43:56 +0100
Subject: [PATCH] fail2ban
---
 configuration.nix | 1 +
 services/fail2ban.nix | 26 ++++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 8674c45..8a07e00 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -7,6 +7,7 @@
 ./services/jellyfin.nix
 ./services/website.nix
 ./services/mailserver.nix
+ ./services/fail2ban.nix
 ./services/misc.nix
 ./modules/git.nix
diff --git a/services/fail2ban.nix b/services/fail2ban.nix
index 184d085..7737852 100644
--- a/services/fail2ban.nix
+++ b/services/fail2ban.nix
@@ -1,4 +1,26 @@
-{...}:
-{
+{config, ...}: {
+ services.fail2ban = {
+ enable = true;
+ jails = {
+ dovecot = lib.mkIf config.services.dovecot2.enable {
+ settings = {
+ # block IPs which failed to log-in
+ # aggressive mode add blocking for aborted connections
+ filter = "dovecot[mode=aggressive]";
+ maxretry = 3;
+ };
+ };
+
+ jellyfin = lib.mkIf config.services.jellyfin.enable {
+ backend = "auto";
+ enabled = true;
+ port = [80 443];
+ maxretry = 3;
+ bantime = 86400;
+ findtime = 43200;
+ logpath = "/var/lib/jellyfin/log/*.log";
+ };
+ };
+ };
 }
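Review bot: `lib.mkIf` is used for both jails in services/fail2ban.nix, but the module header is `{config, ...}:`, so `lib` is not bound and evaluation should fail with an undefined-variable error; the header should read `{config, lib, ...}: {`. The jellyfin jail also sets `backend`, `port`, `maxretry`, `bantime`, `findtime` and `logpath` directly on the jail, whereas the dovecot jail puts its keys under `settings`; recent NixOS releases appear to accept free-form jail keys only under `settings`, so these likely need to move there (verify against the nixpkgs release in use). No Jellyfin filter is defined in this hunk and, as far as I know, fail2ban does not ship one, so unless a `jellyfin` filter with a `failregex` exists elsewhere the jail will not match failed logins and the intended brute-force protection is silently absent. Since the jail bans on ports 80 and 443, Jellyfin is presumably behind a reverse proxy; confirm its log records the real client address rather than the proxy's, otherwise bans will not land on the offending host.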