enabled fail2ban for sshd, will enable for more services later.
parent
16514fe6c3
commit
1fd85a0978
2 changed files with 19 additions and 0 deletions
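--- /dev/null
+++ b/configs/nixos/fail2ban.nix
@@ -0,0 +1,16 @@
+{
+config,
+pkgs,
+inputs,
+lib,
+myLib,
+...
+}: {
+services.fail2ban = {
+enable = true;
+bantime-increment.enable = true;
+bantime-increment.maxtime = "1w";
+extraPackages = [pkgs.ipset];
+banaction = "iptables-ipset-proto6-allports";
+};
+}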
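Review bot: The `services.fail2ban` block sets no `ignoreIP`, so with `bantime-increment.maxtime = "1w"` and an all-ports `banaction`, repeated failed logins from an administrator's own address (or a shared NAT) can end up banned on every port for up to a week. An allowlist such as `ignoreIP = [ "<ADMIN_CIDR_PLACEHOLDER>" ];` would prevent that self-lockout. The `iptables-ipset-proto6-allports` action also assumes an iptables-based host firewall; if nftables is enabled elsewhere in this configuration (not visible here), the ban rules may not take effect, so a short comment stating that assumption would help. The arguments `config`, `inputs`, `lib` and `myLib` are unused in this file and could be dropped.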
@ -6,6 +6,9 @@
|
|||
myLib,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./fail2ban.nix
|
||||
];
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.PermitRootLogin = "prohibit-password";
|
||||
|
|