add vpn addresses to fail2ban whitelist

2025-01-25 00:15:24 -06:00 · 2025-01-25 00:15:24 -06:00 · 7f692459a9
commit 7f692459a9
parent 4a7bda944f
1 changed files with 8 additions and 2 deletions
--- a/sys/platforms/vps/srv/net.nix
+++ b/sys/platforms/vps/srv/net.nix
@ -3,7 +3,9 @@
  pkgs,
  ...
 }:
-with lib; {
+with lib; let
+  inherit (config.local.sys) nets;
+in {
  networking = {
    nftables.enable = false; # learn how to use this later
    firewall = {
@ -52,7 +54,11 @@ with lib; {
    fail2ban = {
      enable = true;
      bantime = "10m";
-      ignoreIP = ["37.205.12.34"]; # Never ban the server's own IP
+      ignoreIP = [
+        nets.default.hosts.vps.v6.cidr
+        nets.default.hosts.vps.v4.address
+        nets.vpn.v6.cidr
+      ];
      bantime-increment = {
        enable = true;
        formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";