Testing ownership changes for fail2ban
parent
132b48dfb3
commit
c01a38b3b7
4 changed files with 22 additions and 13 deletions
|
@ -10,9 +10,6 @@
|
|||
# Desktop Environments
|
||||
./desktops/common.nix
|
||||
./desktops/gnome.nix
|
||||
|
||||
# Software
|
||||
./software/firefox.nix
|
||||
|
||||
# Services
|
||||
./services/openssh.nix
|
||||
|
@ -53,12 +50,6 @@
|
|||
enable = true;
|
||||
};
|
||||
|
||||
# Password set via wpa_supplicant command
|
||||
# https://nixos.org/manual/nixos/unstable/index.html#sec-wireless
|
||||
wireless.networks = { # Use nix-sops for this
|
||||
copeland-5g.psk = config.sops.secrets.wireless.copeland-5g.psk.path;
|
||||
};
|
||||
|
||||
enableIPv6 = false;
|
||||
firewall = {
|
||||
enable = true;
|
||||
|
@ -93,9 +84,6 @@
|
|||
extraGroups = [ "networkmanager" "wheel" ];
|
||||
};
|
||||
|
||||
# Allow unfree packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# Enable flakes: https://nixos.wiki/wiki/Flakes
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
|
|
|
@ -11,6 +11,11 @@
|
|||
];
|
||||
};
|
||||
|
||||
imports = [
|
||||
# Software configurations
|
||||
./software/firefox.nix
|
||||
];
|
||||
|
||||
# Enable sound with pipewire.
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = false;
|
||||
|
|
|
@ -1,5 +1,22 @@
|
|||
{ config, pkgs, ... }: {
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
maxretry = 5; # Observe 5 violations before banning an IP
|
||||
ignoreIP = [
|
||||
"100.64.0.0/24" # Headscale network
|
||||
];
|
||||
bantime = "24h"; # Set bantime to one day
|
||||
bantime-increment = {
|
||||
enable = true; # Enable increment of bantime after each violation
|
||||
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
|
||||
multipliers = "1 2 4 8 16 32 64";
|
||||
maxtime = "168h"; # Do not ban for more than 1 week
|
||||
overalljails = true; # Calculate the bantime based on all the violations
|
||||
};
|
||||
};
|
||||
|
||||
# The SystemD Unit file configuration
|
||||
systemd.services.fail2ban = {
|
||||
postStart = "chown root:telegraf /var/run/fail2ban/fail2ban.socket"
|
||||
};
|
||||
}
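Review bot: The `postStart` line in `systemd.services.fail2ban` has no terminating `;`, so the attribute set will not parse and the configuration cannot evaluate; it should read `postStart = "chown root:telegraf /var/run/fail2ban/fail2ban.socket";`. On the design itself, the fail2ban socket is the server's control channel rather than a read-only status feed: a client that can write to it can unban addresses and reconfigure jails, including the action commands that the root-run server executes, so opening it to the `telegraf` group makes that service account effectively root-equivalent. The chown only changes the group, and this hunk does not set the socket's mode, so confirm what permissions result; a sudo rule limited to `fail2ban-client status` together with the Telegraf plugin's `use_sudo` option would be a narrower grant. Separately, `bantime-increment` sets both `formula` and `multipliers`, and as far as I know fail2ban uses the multipliers list in place of the formula when both are present, so one of the two is probably dead configuration.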
|
|
@ -55,7 +55,6 @@
|
|||
swap = {};
|
||||
system = {};
|
||||
fail2ban = {};
|
||||
hddtemp = {};
|
||||
intel_powerstat = {};
|
||||
net = {};
|
||||
nvidia_smi = {};
|
||||
|
|