modules/system/networking/fail2ban.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

{ lib, config, ... }:
{
  services.fail2ban = {
    enable = false;

    ignoreIP = [
      "10.0.0.0/8"
      "172.16.0.0/12"
      "192.168.0.0/16"
    ];

    jails.sshd.settings = {
      enabled = true;
      filter = "sshd[mode=aggressive]";
      port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports);
    };
  };
}