wireguard and fail2ban

2025-04-29 18:08:29 +02:00 · 2023-10-22 15:45:30 +02:00 · 2023-10-22 15:45:30 +02:00 · 5148ff5953
commit 5148ff5953
parent 78a47101ac
15 changed files with 132 additions and 67 deletions
--- a/hosts/falkenstein-1/modules/fail2ban/default.nix
+++ b/hosts/falkenstein-1/modules/fail2ban/default.nix
@ -0,0 +1,25 @@
+{ ... }:
+{
+  services.fail2ban = {
+    enable = true;
+    bantime = "10m";
+    bantime-increment = {
+      enable = true;
+    };
+    jails = {
+      dovecot = ''
+        enabled = true
+        # aggressive mode add blocking for aborted connections
+        filter = dovecot[mode=aggressive]
+        bantime = 10m
+        maxretry = 3
+      '';
+      postfix = ''
+        enabled = true
+        filter = postfix[mode=aggressive]
+        maxretry = 3
+      '';
+    };
+  };
+}
+