From 85e6ebbc29633619bef9caef70b79025b4229a78 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 2 Nov 2023 22:50:23 +0100
Subject: [PATCH] fail2ban: disable tor lists some people have legimitate interest in accessing our services via tor in case of abuse out of these networks this commit can be reverted
---
 modules/fail2ban.nix | 31 -------------------------------
 1 file changed, 31 deletions(-)
diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix
index b563f90..e0194ba 100644
--- a/modules/fail2ban.nix
+++ b/modules/fail2ban.nix
@@ -11,11 +11,6 @@
 };
 jails = {
- tor = ''
- enabled = true
- bantime = 25h
- action = nftables-allports
- '';
 dovecot = ''
 enabled = true
 # aggressive mode to add blocking for aborted connections
@@ -29,30 +24,4 @@
 '';
 };
 };
-
- environment.etc = {
- # dummy filter
- "fail2ban/filter.d/tor.conf".text = ''
- [Definition]
- failregex =
- ignoreregex =
- '';
- };
-
- systemd.services."fail2ban-tor" = {
- script = ''
- ${lib.getExe pkgs.curl} -fsSL "https://check.torproject.org/torbulkexitlist" | sed '/^#/d' | while read IP; do
- ${config.services.fail2ban.package}/bin/fail2ban-client set "tor" banip "$IP" > /dev/null
- done
- '';
- };
-
- systemd.timers."fail2ban-tor" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "daily";
- Persistent = true;
- Unit = "fail2ban-tor.service";
- };
- };
 }