diff options
Diffstat (limited to 'system/services/fail2ban')
-rw-r--r-- | system/services/fail2ban/default.nix | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/system/services/fail2ban/default.nix b/system/services/fail2ban/default.nix deleted file mode 100644 index 1c47568..0000000 --- a/system/services/fail2ban/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{...}: { - vhack.persist.directories = [ - { - directory = "/var/lib/fail2ban"; - user = "fail2ban"; - group = "fail2ban"; - mode = "0700"; - } - ]; - - services.fail2ban = { - enable = true; - maxretry = 7; # ban after 7 failures - daemonSettings = { - Definition = { - logtarget = "SYSLOG"; - socket = "/run/fail2ban/fail2ban.sock"; - pidfile = "/run/fail2ban/fail2ban.pid"; - dbfile = "/var/lib/fail2ban/db.sqlite3"; - }; - }; - bantime-increment = { - enable = true; - rndtime = "8m"; - overalljails = true; - multipliers = "2 4 16 128 256"; - maxtime = "72h"; - }; - jails = { - dovecot = '' - # block IPs which failed to log-in - # aggressive mode add blocking for aborted connections - enabled = true - filter = dovecot[mode=aggressive] - maxretry = 2 - ''; - postfix = '' - enabled = true - filter = postfix[mode=aggressive] - findtime = 600 - maxretry = 3 - ''; - }; - }; -} |