modules: services: sabnzbd: add fail2ban jail

2023-02-20 22:26:51 +01:00 · 2023-02-20 22:26:51 +01:00 · 3505b4d7f0
parent 86aa156fc0
commit 3505b4d7f0
1 changed files with 29 additions and 0 deletions
--- a/modules/services/sabnzbd/default.nix
+++ b/modules/services/sabnzbd/default.nix
@ -24,5 +24,34 @@ in
        inherit port;
      }
    ];
+
+    services.fail2ban.jails = {
+      sabnzbd = ''
+        enabled = true
+        filter = sabnzbd
+        port = http,https
+        # Unfortunately, sabnzbd does not log to systemd journal
+        backend = auto
+        logpath = /var/lib/sabnzbd/logs/sabnzbd.log
+      '';
+    };
+
+    environment.etc = {
+      # FIXME: path to log file
+      "fail2ban/filter.d/sabnzbd.conf".text = ''
+        [Definition]
+        failregex = ^.*WARNING.*API Key incorrect, Use the api key from Config->General in your 3rd party program: .* \(X-Forwarded-For: <HOST>\) .*$
+                    ^.*WARNING.*API Key incorrect, Use the api key from Config->General in your 3rd party program: <HOST> .*$
+                    ^.*WARNING.*API Key missing, please enter the api key from Config->General into your 3rd party program: .* \(X-Forwarded-For: <HOST>\) .*$
+                    ^.*WARNING.*API Key missing, please enter the api key from Config->General into your 3rd party program: <HOST> .*$
+                    ^.*WARNING.*Refused connection from: .* \(X-Forwarded-For: <HOST>\) .*$
+                    ^.*WARNING.*Refused connection from: <HOST> .*$
+                    ^.*WARNING.*Refused connection with hostname ".*" from: .* \(X-Forwarded-For: <HOST>\) .*$
+                    ^.*WARNING.*Refused connection with hostname ".*" from: <HOST> .*$
+                    ^.*WARNING.*Unsuccessful login attempt from .* \(X-Forwarded-For: <HOST>\) .*$
+                    ^.*WARNING.*Unsuccessful login attempt from <HOST> .*$
+        journalmatch = _SYSTEMD_UNIT=sabnzbd.service
+      '';
+    };
  };
 }