enabled fail2ban for sshd, will enable for more services later.

Gabe Venberg 2025-05-07 16:06:26 +02:00
parent 16514fe6c3
commit 1fd85a0978
2 changed files with 19 additions and 0 deletions


@ -0,0 +1,16 @@
{
config,
pkgs,
inputs,
lib,
myLib,
...
}: {
services.fail2ban = {
enable = true;
bantime-increment.enable = true;
bantime-increment.maxtime = "1w";
extraPackages = [pkgs.ipset];
banaction = "iptables-ipset-proto6-allports";
};
}
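Review bot: The `services.fail2ban` block sets no `ignoreIP`, so the administrator's own address can be banned by the same rules; with `bantime-increment.maxtime = "1w"` and an all-ports banaction, a repeated lockout can last up to a week and blocks every service on the host, not only SSH. I would add an allowlist for the management network, e.g. `ignoreIP = [ "<ADMIN_CIDR_PLACEHOLDER>" ];`. `banaction = "iptables-ipset-proto6-allports"` also assumes the iptables backend, so if this host enables nftables the action would presumably fail to apply; a comment such as `# requires the iptables firewall backend and pkgs.ipset` would record that dependency. The module arguments `config`, `inputs`, `lib` and `myLib` appear unused in this file and could be dropped.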


@ -6,6 +6,9 @@
myLib,
...
}: {
imports = [
./fail2ban.nix
];
services.openssh = {
enable = true;
settings.PermitRootLogin = "prohibit-password";