albert/nix
albert/nix
1
0
Fork 0
Code Issues Pull requests Activity Actions

Move logrotation out of the fail2ban config

Browse source
This commit is contained in:
albert 2025-03-10 10:09:48 -07:00
parent 9d2409a60c
commit 49cadb8d64
Signed by: albert
GPG key ID: 3895DD267CA11BA9
4 changed files with 25 additions and 13 deletions
nixos
common/modules
fail2ban
traefik.nix
logrotate
traefik.nix
hosts
nuc-server
default.nix
warsaw-ovh-01
default.nix

14
nixos/common/modules/fail2ban/traefik.nix
View file

@ -4,21 +4,11 @@
# https://blog.lrvt.de/configuring-fail2ban-with-traefik/
# https://nixos.wiki/wiki/Fail2ban#Extending_Fail2ban
services.logrotate = {
enable = true;
checkConfig = true;
settings = {
"/var/log/traefik/access.log" = {
frequency = "daily";
rotate = 30;
};
};
};
services.fail2ban.jails = {
traefik-general-forceful-browsing = {
settings = {
enabled = true;
# NOTE: This is disabled.
enabled = false;
filter = "traefik-general-forceful-browsing";
action = "action-ban-docker-forceful-browsing";
logpath = "/var/log/traefik/access.log";

16
nixos/common/modules/logrotate/traefik.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }: {
# NOTE: This is dependent on the Traefik access.log being set in traefik.yml
# Curently this is only enabled on the external traefik instance for
# sysctl.io
# TODO: I need to check on if Promtail is ingesting this log.
services.logrotate = {
enable = true;
checkConfig = true;
settings = {
"/var/log/traefik/access.log" = {
frequency = "daily";
rotate = 30;
};
};
};
}

6
nixos/hosts/nuc-server/default.nix
View file

@ -7,12 +7,16 @@ in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
( import ../../common/services/syncthing/pictures.nix { path = "/Storage/Media/Pictures/RAW"; })
../../common/services/tailscale-autoconnect.nix
../../common/modules/secureboot.nix
../../common/modules/ssh-luks.nix
../../common/modules/logrotate/traefik.nix
../../common/services/tailscale-autoconnect.nix
../../common/services/docker.nix
../../common/services/forgejo-runner.nix
../../common/services/syncthing/default.nix
./disks.nix
./mounts.nix
./cron.nix

2
nixos/hosts/warsaw-ovh-01/default.nix
View file

@ -3,6 +3,8 @@
(modulesPath + "/installer/scan/not-detected.nix")
../../common/modules/boot.nix
../../common/modules/builder.nix
../../common/modules/logrotate/traefik.nix
../../common/services/docker.nix
../../common/services/tailscale-autoconnect.nix
../../common/services/forgejo-runner.nix