nixos: services: pyload: add fail2ban jail

2024-11-18 13:31:08 +01:00 · 2024-11-18 13:31:08 +01:00 · 6a5c4a627a
parent 7f0cd6612e
commit 6a5c4a627a
1 changed files with 15 additions and 1 deletions
--- a/modules/nixos/services/pyload/default.nix
+++ b/modules/nixos/services/pyload/default.nix
@ -53,6 +53,20 @@ in
      };
    };

-    # FIXME: fail2ban
+    services.fail2ban.jails = {
+      pyload = ''
+        enabled = true
+        filter = pyload
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/pyload.conf".text = ''
+        [Definition]
+        failregex = ^.*Login failed for user '<F-USER>.*</F-USER>' \[CLIENT: <HOST>\]$
+        journalmatch = _SYSTEMD_UNIT=pyload.service
+      '';
+    };
  };
 }