From 8d848d0c7b833a0da73a92d186d5f3a062c9443e Mon Sep 17 00:00:00 2001
From: baritone
Date: Thu, 27 Mar 2025 15:40:42 +0100
Subject: [PATCH] added more fail2ban fiters
---
 services/.auto-torrent.nix.swp | Bin 0 -> 16384 bytes
 services/fail2ban.nix | 50 ++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 services/.auto-torrent.nix.swp
diff --git a/services/.auto-torrent.nix.swp b/services/.auto-torrent.nix.swp new file mode 100644 index 0000000000000000000000000000000000000000..55853d9b90995ca01e4b0fdfcf8305d56f8b2058 GIT binary patch literal 16384 zcmeI3ZHy#E8ONIgMDKX}ySHv2IX-}XFqdGWF(Qc?`Cz~o2x`y|YW#rs0`ZKRs6YfsL@~xhjnVjjs$ZsN zXKy(PK}>q!cQe!dRMk^YJyrEQHN8vaqx09ZX}e~aANfAXnls4|Yd@Y4UVS&N|ugn4$ z7~|DSnaYltm$J9L^`=)=O;M__Kw*Kx0)+(%3ltV8EKpdWus~sf|4R$V&Nkx?Xud7g z{zUqI)`s`9)9+6De%FTk>DS_|us~sf!UBZ_3JVk#C@fG|ps+w;fx-fX1qurk7I+<6 zz;O-ZV(2wR2LSl}Kg<9BeUV}O6}$+Z2fqbB0$&7Q0G|SPf;PATRKQ-a2fPFP^FovX z-v*xtcYzb23M_Cw*a4otz%af6z7D;c=r-?tmapTJY#0dNoKfF`&FTnS8Y7I@)J zhVdJ43j7Q_1XjQT7y}o9-@VZ=ehGd6z6|aMEl>s*f^Fb$=NZPY!4JVB;B(*}@KJC( zXoD6w0Cs|lz`x#L7=HlIf@i?P-~{*pu)x`18+hSd!*~Lm1a)u~xCC4bc7W~R>2okP z;688(xF3f*4BQ7F_$>H1I0mKx`9%$kyqJ1*BGHPRAhvs6VDr#f@;SSL$*9Zs8yh4- zClmt_-&?YS<%1$>aMpDEIF}z|&2D3vku+Zj~v&DqW@X*u?Szo=EvBg8V}j#0c(ngIjrCI;Av8@z**)j?qa+- zo{9tlP;vDCDv)qGjB(`(DIbT_ac>TK)Tm@}q*Wb7~x950+{ zN**0p@g&^KT;*}@A>^pLb`8qX_nm9X1M?Q~oRje5b>(6GmUVmAgQIslki)lza^ZD@ z3MQ}In=@DL<8ds$*yg^!*oeH2WM;ob#q79kqH!ZD$e3L1&;&5?@K)RwQqyv1!a!s# zGZABbCzRa1Y86+HnL*c=p4El8jS1D_(!6!hIg*T(SZY{HguWN@O++0s*qMpCJXYQE zM2G^Wn#e3S9)m`H&vEmWi^4r!^bPTT6g zOij8rcW9AJZqR3XrJ5zHl(I^4eM7^#^D%a{BYEFhy&+ui!etcF7xkogDuH{ZGS|*E zDHdf!Gq4v}Ug+|bb-Ow_kq=o?Y>vm$3mut`vtFtbT0C?+!VBekX}mgAaLve+W^9bj z@umY8Ws&Ggp5Ia5^fB4c!!7izl&YFXIIbJ-D?{)1o=pRsydPiC%ye-hn?t#OE?wv9o&tcEu}L zrCgoJMsti+T1!kc8E%PaH7jr$hk);*{IC<#0A-tqbUH)5_sG-CUZ79hY`SZLSx+-H z;a7=E>$57EEH+kd$&X?=P1l6#q+Om&>q<68G`VKm_WC|X^=5VU5P1#;pJb@7**@H8 z2f}66VOFcvSmMvP%UGi=`XOCUt6`;4M@j|t3Qi*wEW_KG)j3TqX%C%-^m=N|OZILo z2Nb$k1MRKcPtgyGT4S}8s)z#{GFmrprClDHr2}c+hEQO&>4hd1M5lqrsbduq(ZofZ z<%#5clU5zEPlZ*&tvs?63w%Sdh%CU5Ap;0(3S-&G98C$*= z(?XF4*^ZPEqORBuoX!k=J|Y%K&Xm*DZ@DMVscm27YIz3ry;}e%5nqhB;BY~YRQc>Xiu-#rfO5k^)#AJuTM=+ zP1AMyN&}-@x{cw$=dJcH)g$-~#IiBjZ(zRAioqD>4%LZ_XfNKAIkneVGbsN*iTut& z9!U9r_WS-z$l)Ia_k$B)349P-3bunkB6oiRd=GpK#Nb9S0rr4*gBOv*p8}79&wxId 
z1?PdkAZPzRxEp)~)W8n#407_PK^^=YIroF$PVgbH2=)L2d=;Gli)Zw44y-N z{VVV!_$i?L`);rT1PH+*cn{bG&H=wie*GQr32+x!0}==jf?eRp$gRH#PJ%l?6U>7N z@GfvJcn-Psy6fW~7lC|-pHUN;t? z@J)+7n@FYmj_=z*^tpS}T)mzyTF0i!Y+_>kR<>u4wq4M&wnh0PvoBj76{IWU?qu!U zt*+>iWx7U_;D!_)B_px2T6a`nZ?>iE>?0YG9_iAxIQFqHkLFN}QK~^pJ0+a>Pc7qFE%csl3$W&J3u}fhwRw9(Swkj% zh7GC>TN&Z>?NSWDDO*3LDUm_beT-ZtPR^oypFu0;dd()MzhcW(U^rh4)p1m)BzggbI;nf+UYdW% zZ!z_{Zpl?ipb8xMOc!m0(o6hr#C(jAQ{#xseObX7nyV@hL@goCRP@oU^C3vh-wigHriGhz<|qxQ*K?lA%J{T#=2A+YLHKR#$#{lN^?% z*LeuTi!h)+5=;W>Iu2l+mP(2Go@}egWUV{&fV+yYHTm#AJ`(BFiCWt{2RgU%1ntd#+b{O zx-E=DYm;t`F%`cb^c^)C$4txeMGNt2Q`X*~ z6Qa9Z)*T${b7X9!?C`SXB75?MW~eibIhR6_WaJQtw){nk6SSo35Z#D-Me#Pt%or1waUl$&?&d#fv!Y zH}{%Ivnth^T8Aqz+~5qboPE%W=>~2Tf$#kzJz0d1TSPV1$PtcBB|4J49;P`6CU9taKjP~OGUmDHp+UCJ8pHgZ7xB6W~{Vc4v7 z{DcHCB)YdDanma7^QCJ$#=nEd6Qqu^0ix=)ztXGGzQ$z2)qraZdf63JsH0= zE7tn8wRWle87M}+J+#_vY&yxiwU)P3d~3Cmx?T;flC1yL(JHCyjJ3iKYH65c{0D(* B^8f$< literal 0 HcmV?d00001 diff --git a/services/fail2ban.nix b/services/fail2ban.nix index e6190b5..5805bb3 100755 --- a/services/fail2ban.nix +++ b/services/fail2ban.nix @@ -35,7 +35,6 @@ bantime = "24h"; findtime = "30m"; journalmatch = "_SYSTEMD_UNIT=jellyfin.service"; - # logpath = "/var/lib/jellyfin/log/*.log"; }; }; 
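Review bot: `services/.auto-torrent.nix.swp` is a Vim swap file and looks like it was committed by accident alongside the fail2ban change. A swap file carries a copy of the edited buffer, including unsaved text, together with the editor's user name, host name and file path. Whatever was typed into `auto-torrent.nix` at the time is therefore now in the repository history. I would drop the file from the commit and add `*.swp` to `.gitignore`.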
@@ -49,9 +48,46 @@
 bantime = "24h";
 findtime = "30m";
 journalmatch = "_SYSTEMD_UNIT=forgejo.service";
- # logpath = "/var/lib/forgejo/log/*.log";
 };
 };
+
+ sonarr = lib.mkIf (config.microvm.vms."auto-torrent" != null) {
+ settings = {
+ filter = "arr";
+ backend = "auto";
+ enabled = true;
+ port = "80,443";
+ maxretry = 8;
+ bantime = "24h";
+ findtime = "30m";
+ logpath = "/var/lib/auto-torrent/sonarr/logs/*.txt";
+ };
+ };
+ radarr = lib.mkIf (config.microvm.vms."auto-torrent" != null) {
+ settings = {
+ filter = "arr";
+ backend = "auto";
+ enabled = true;
+ port = "80,443";
+ maxretry = 8;
+ bantime = "24h";
+ findtime = "30m";
+ logpath = "/var/lib/auto-torrent/radarr/logs/*.txt";
+ };
+ };
+ };
+
+ vaultwarden = lib.mkIf config.services.vaultwarden.enable {
+ settings = {
+ filter = "vaultwarden";
+ backend = "systemd";
+ enabled = true;
+ port = "80,443";
+ maxretry = 8;
+ bantime = "24h";
+ findtime = "30m";
+ journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
+ };
 };
 };
@@ -66,6 +102,16 @@
 [Definition]
 failregex = ^.*Failed authentication attempt for .* from .*$
 '');
+ # *arr
+ "fail2ban/filter.d/arr.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = ^.*Auth-Failure ip username.*$
+ '');
+ # Vaultwarden
+ "fail2ban/filter.d/arr.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = ^.*Username or password is incorrect. Try again. IP: \. Username: .*$
+ '');
 # Defines a filter that detects URL probing by reading the Nginx access log
 "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
 [Definition]
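Review bot: In the `@@ -49,9 +48,46 @@` hunk, the `};` added right after the radarr jail appears to close the attribute set that holds the jails, so the new `vaultwarden` block would land one level up instead of next to sonarr and radarr. Indentation is lost in this view and the enclosing set opens outside the hunk, so this comes from counting braces only. If that reading is right, the password manager's login either gets no ban rule or the configuration fails to evaluate; removing that `};` and keeping `vaultwarden = lib.mkIf ...` among the other jails would fix it. Separately, `config.microvm.vms."auto-torrent" != null` raises a missing-attribute error when the VM is not defined rather than evaluating to false; `lib.mkIf (config.microvm.vms ? "auto-torrent") {` expresses the intended test on both the sonarr and radarr lines.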
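Review bot: In the `@@ -66,6 +102,16 @@` hunk, the filter under the `# Vaultwarden` comment is written to `"fail2ban/filter.d/arr.local".text`, the same key as the *arr filter directly above it. Nix rejects a second definition of the same attribute path, and the jail's `filter = "vaultwarden"` has no matching filter file in either case, so the line should read `"fail2ban/filter.d/vaultwarden.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''`. As displayed, neither new `failregex` contains a host tag (`ip username`, `IP: \. Username:`), and fail2ban needs `<HOST>` or `<ADDR>` in the pattern to know which address to ban. The tag may simply have been stripped when this page was rendered, so check the committed file. The literal dots in `incorrect. Try again.` would also be better escaped as `\.`.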