Bump

author: Fuwn <[email protected]> 2024-09-05 02:14:50 -0700
committer: Fuwn <[email protected]> 2024-09-05 02:14:50 -0700
commit: 21db2e5762854966fb735e68d001e4ab6dbbbcbf (patch)
tree: abb082f3a762b9dcddb66ece6dc5cbfcd314fb9f /modules/system/networking/fail2ban.nix
parent: Bump: docker (diff)
download: nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.tar.xz
nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.zip
1 files changed, 9 insertions, 7 deletions
diff --git a/modules/system/networking/fail2ban.nix b/modules/system/networking/fail2ban.nix
index fa45565..6311b14 100644
--- a/modules/system/networking/fail2ban.nix
+++ b/modules/system/networking/fail2ban.nix
@@ -1,18 +1,20 @@
-{ lib, config, ... }:
+{ pkgs, lib, ... }:
 {
   services.fail2ban = {
     enable = false;
+    banaction = "nftables-multiport";
+    banaction-allports = lib.mkDefault "nftables-allport";
+
+    extraPackages = with pkgs; [
+      nftables
+      ipset
+    ];
 
     ignoreIP = [
       "10.0.0.0/8"
       "172.16.0.0/12"
+      "100.64.0.0/16"
       "192.168.0.0/16"
     ];
-
-    jails.sshd.settings = {
-      enabled = true;
-      filter = "sshd[mode=aggressive]";
-      port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports);
-    };
   };
 }
author	Fuwn <[email protected]>	2024-09-05 02:14:50 -0700
committer	Fuwn <[email protected]>	2024-09-05 02:14:50 -0700
commit	21db2e5762854966fb735e68d001e4ab6dbbbcbf (patch)
tree	abb082f3a762b9dcddb66ece6dc5cbfcd314fb9f /modules/system/networking/fail2ban.nix
parent	Bump: docker (diff)
download	nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.tar.xz nixos-config-21db2e5762854966fb735e68d001e4ab6dbbbcbf.zip