chema/nix_config
1
0
Fork 0
forked from fabian/nix
Code Pull requests Activity

add vpn addresses to fail2ban whitelist

Browse source
This commit is contained in:
Fabian Montero 2025-01-25 00:15:24 -06:00
parent 4a7bda944f
commit 7f692459a9
Signed by untrusted user: fabian
GPG key ID: 1FFAC35E1798174F
1 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
sys/platforms/vps/srv/net.nix
View file

@ -3,7 +3,9 @@
pkgs, pkgs,
... ...
}: }:
with lib; { with lib; let
inherit (config.local.sys) nets;
in {
networking = { networking = {
nftables.enable = false; # learn how to use this later nftables.enable = false; # learn how to use this later
firewall = { firewall = {
@ -52,7 +54,11 @@ with lib; {
fail2ban = { fail2ban = {
enable = true; enable = true;
bantime = "10m"; bantime = "10m";
ignoreIP = ["37.205.12.34"]; # Never ban the server's own IP ignoreIP = [
nets.default.hosts.vps.v6.cidr
nets.default.hosts.vps.v4.address
nets.vpn.v6.cidr
];
bantime-increment = { bantime-increment = {
enable = true; enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";