modules: services: pirate: add fail2ban jails
All checks were successful
ci/woodpecker/push/check Pipeline was successful

This commit is contained in:
Bruno BELANYI 2023-09-03 12:43:46 +02:00
parent 14bf03e5fd
commit fc8ccb8b99

View file

@ -29,6 +29,24 @@ let
]; ];
}; };
mkFail2Ban = service: {
services.fail2ban.jails = {
${service} = ''
enabled = true
filter = ${service}
action = iptables-allports
'';
};
environment.etc = {
"fail2ban/filter.d/${service}.conf".text = ''
[Definition]
failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
journalmatch = _SYSTEMD_UNIT=${service}.service
'';
};
};
mkFullConfig = service: lib.mkMerge [ mkFullConfig = service: lib.mkMerge [
(mkService service) (mkService service)
(mkRedirection service) (mkRedirection service)
@ -44,13 +62,16 @@ in
# Set-up media group # Set-up media group
users.groups.media = { }; users.groups.media = { };
} }
# Bazarr for subtitles # Bazarr does not log authentication failures...
(mkFullConfig "bazarr") (mkFullConfig "bazarr")
# Lidarr for music # Lidarr for music
(mkFullConfig "lidarr") (mkFullConfig "lidarr")
(mkFail2Ban "lidarr")
# Radarr for movies # Radarr for movies
(mkFullConfig "radarr") (mkFullConfig "radarr")
(mkFail2Ban "radarr")
# Sonarr for shows # Sonarr for shows
(mkFullConfig "sonarr") (mkFullConfig "sonarr")
(mkFail2Ban "sonarr")
]); ]);
} }