mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-15 13:23:11 +01:00
34 lines
642 B
Nix
34 lines
642 B
Nix
{ lib, ... }:
|
|
{
|
|
services.fail2ban = {
|
|
enable = true;
|
|
ignoreIP = [
|
|
"141.30.0.0/16"
|
|
"141.76.0.0/16"
|
|
];
|
|
bantime = "10m";
|
|
bantime-increment = {
|
|
enable = true;
|
|
};
|
|
jails = {
|
|
sshd = lib.mkForce ''
|
|
enabled = true
|
|
port = ssh
|
|
filter= sshd[mode=aggressive]
|
|
'';
|
|
dovecot = ''
|
|
enabled = true
|
|
# aggressive mode add blocking for aborted connections
|
|
filter = dovecot[mode=aggressive]
|
|
maxretry = 3
|
|
'';
|
|
postfix = ''
|
|
enabled = true
|
|
filter = postfix[mode=aggressive]
|
|
maxretry = 3
|
|
'';
|
|
};
|
|
};
|
|
}
|
|
|