From fc8ccb8b990730bc95be0a08f499a77b17779aea Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Sep 2023 12:43:46 +0200 Subject: [PATCH] modules: services: pirate: add fail2ban jails --- modules/services/pirate/default.nix | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/modules/services/pirate/default.nix b/modules/services/pirate/default.nix index 96f5ad4..7c341e7 100644 --- a/modules/services/pirate/default.nix +++ b/modules/services/pirate/default.nix @@ -29,6 +29,24 @@ let ]; }; + mkFail2Ban = service: { + services.fail2ban.jails = { + ${service} = '' + enabled = true + filter = ${service} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${service}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${service}.service + ''; + }; + }; + mkFullConfig = service: lib.mkMerge [ (mkService service) (mkRedirection service) @@ -44,13 +62,16 @@ in # Set-up media group users.groups.media = { }; } - # Bazarr for subtitles + # Bazarr does not log authentication failures... (mkFullConfig "bazarr") # Lidarr for music (mkFullConfig "lidarr") + (mkFail2Ban "lidarr") # Radarr for movies (mkFullConfig "radarr") + (mkFail2Ban "radarr") # Sonarr for shows (mkFullConfig "sonarr") + (mkFail2Ban "sonarr") ]); }
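Review bot: The `failregex` in the generated filter, as it appears on this page, has no host capture (`ip username` with nothing in between), and fail2ban needs `<HOST>` or an equivalent address group in every failregex to know which address to ban; unless the tag was only lost in rendering, the line should read `failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$`. The leading `^.*` also lets the pattern match anywhere in a journal line, so another log message that echoes client-controlled text could name an arbitrary address for banning; anchoring the prefix to the expected log-line layout instead of `.*` would close that. The jail sets no `maxretry`, `findtime` or `bantime`, so the global defaults apply, and a short comment saying this is intended would help. If these services are reached through the reverse proxy that `mkRedirection` presumably configures, confirm that the logged address is the client's and not the proxy's.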
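Review bot: The Bazarr comment in the second hunk now says only why there is no jail and no longer says what the service is for, unlike its three siblings; `# Bazarr for subtitles (no fail2ban jail: it does not log authentication failures)` keeps both facts and records that this service stays without brute-force protection. Nothing in the visible hunks sets `services.fail2ban.enable`, so if it is not enabled elsewhere in the configuration the three jails added here are defined but inert. The enclosing list starts and ends outside the hunk.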