enabled fail2ban for sshd, will enable for more services later.

2025-05-07 16:06:26 +02:00 · 2025-05-07 16:06:26 +02:00 · 1fd85a0978
commit 1fd85a0978
parent 16514fe6c3
2 changed files with 19 additions and 0 deletions
--- a/configs/nixos/fail2ban.nix
+++ b/configs/nixos/fail2ban.nix
@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  inputs,
+  lib,
+  myLib,
+  ...
+}: {
+  services.fail2ban = {
+    enable = true;
+    bantime-increment.enable = true;
+    bantime-increment.maxtime = "1w";
+    extraPackages = [pkgs.ipset];
+    banaction = "iptables-ipset-proto6-allports";
+  };
+}
--- a/configs/nixos/sshd.nix
+++ b/configs/nixos/sshd.nix
@ -6,6 +6,9 @@
  myLib,
  ...
 }: {
+  imports = [
+    ./fail2ban.nix
+  ];
  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "prohibit-password";