From 3505b4d7f01a47db1e3d680487dbcfde7e24be96 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Mon, 20 Feb 2023 22:26:51 +0100
Subject: [PATCH] modules: services: sabnzbd: add fail2ban jail
---
 modules/services/sabnzbd/default.nix | 29 ++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/modules/services/sabnzbd/default.nix b/modules/services/sabnzbd/default.nix
index b9b99cf..7ab145f 100644
--- a/modules/services/sabnzbd/default.nix
+++ b/modules/services/sabnzbd/default.nix
@@ -24,5 +24,34 @@ in
 inherit port;
 }
 ];
+
+ services.fail2ban.jails = {
+ sabnzbd = ''
+ enabled = true
+ filter = sabnzbd
+ port = http,https
+ # Unfortunately, sabnzbd does not log to systemd journal
+ backend = auto
+ logpath = /var/lib/sabnzbd/logs/sabnzbd.log
+ '';
+ };
+
+ environment.etc = {
+ # FIXME: path to log file
+ "fail2ban/filter.d/sabnzbd.conf".text = ''
+ [Definition]
+ failregex = ^.*WARNING.*API Key incorrect, Use the api key from Config->General in your 3rd party program: .* \(X-Forwarded-For: \) .*$
+ ^.*WARNING.*API Key incorrect, Use the api key from Config->General in your 3rd party program: .*$
+ ^.*WARNING.*API Key missing, please enter the api key from Config->General into your 3rd party program: .* \(X-Forwarded-For: \) .*$
+ ^.*WARNING.*API Key missing, please enter the api key from Config->General into your 3rd party program: .*$
+ ^.*WARNING.*Refused connection from: .* \(X-Forwarded-For: \) .*$
+ ^.*WARNING.*Refused connection from: .*$
+ ^.*WARNING.*Refused connection with hostname ".*" from: .* \(X-Forwarded-For: \) .*$
+ ^.*WARNING.*Refused connection with hostname ".*" from: .*$
+ ^.*WARNING.*Unsuccessful login attempt from .* \(X-Forwarded-For: \) .*$
+ ^.*WARNING.*Unsuccessful login attempt from .*$
+ journalmatch = _SYSTEMD_UNIT=sabnzbd.service
+ '';
+ };
 };
 }
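Review bot: The `failregex` lines that match `\(X-Forwarded-For: \)` tie the ban to a request header, which is only trustworthy if the reverse proxy in front of sabnzbd overwrites that header instead of passing on or appending to a client-supplied value; otherwise a client can cause an address of its choosing to be banned, so I would record that assumption in a comment next to the filter. As rendered here none of the patterns carries a host capture such as `<HOST>` (it may have been lost in page extraction), and fail2ban needs one in each pattern to know which address to ban. The leading `^.*WARNING.*` and the `".*"` around the logged hostname are loose enough that request-controlled text written to the same log line could satisfy a pattern, so anchoring on the log's fixed timestamp/level prefix would be tighter. `journalmatch = _SYSTEMD_UNIT=sabnzbd.service` is unused with `backend = auto` and a `logpath`, and `# FIXME: path to log file` sits on `environment.etc` although the path it refers to is the jail's `logpath`; I would drop the former and move the latter.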