nixos: services: jellyfin: add fail2ban jail

The upstream documentation adds quotes around the IP, but I don't see them in my logs. Let's split the difference by making them optional.
2024-09-20 14:39:53 +00:00 · 2024-09-20 14:39:53 +00:00 · c1eab0edee
parent 4a38757db9
commit c1eab0edee
1 changed files with 16 additions and 0 deletions
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@ -41,5 +41,21 @@ in
        };
      };
    };
+
+    services.fail2ban.jails = {
+      jellyfin = ''
+        enabled = true
+        filter = jellyfin
+        port = http,https
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/jellyfin.conf".text = ''
+        [Definition]
+        failregex = ^.*Authentication request for .* has been denied \(IP: "?<ADDR>"?\)\.
+        journalmatch = _SYSTEMD_UNIT=jellyfin.service
+      '';
+    };
  };
 }