nixos: services: miniflux: add fail2ban jail

2024-09-22 01:58:56 +02:00 · 2024-09-22 01:58:56 +02:00 · a059828a58
parent 96e1a54638
commit a059828a58
1 changed files with 16 additions and 0 deletions
--- a/modules/nixos/services/miniflux/default.nix
+++ b/modules/nixos/services/miniflux/default.nix
@ -48,5 +48,21 @@ in
        inherit (cfg) port;
      };
    };
+
+    services.fail2ban.jails = {
+      miniflux = ''
+        enabled = true
+        filter = miniflux
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/miniflux.conf".text = ''
+        [Definition]
+        failregex = ^.*msg="[^"]*(Incorrect|Invalid) username or password[^"]*".*client_ip=<ADDR>
+        journalmatch = _SYSTEMD_UNIT=miniflux.service
+      '';
+    };
  };
 }