nixos: services: nextcloud: add fail2ban jail

nixos: services: audiobookshelf: add fail2ban jail
nixos: services: mealie: add fail2ban jail
2024-09-22 01:37:34 +02:00 · 2024-09-22 01:37:34 +02:00 · 2024-09-22 01:37:34 +02:00
3 changed files with 53 additions and 0 deletions
--- a/modules/nixos/services/audiobookshelf/default.nix
+++ b/modules/nixos/services/audiobookshelf/default.nix
@ -35,5 +35,21 @@ in
        };
      };
    };
    services.fail2ban.jails = {
      audiobookshelf = ''
        enabled = true
        filter = audiobookshelf
        port = http,https
      '';
    };
    environment.etc = {
      "fail2ban/filter.d/audiobookshelf.conf".text = ''
        [Definition]
        failregex = ^.*ERROR: \[Auth\] Failed login attempt for username ".*" from ip <ADDR>
        journalmatch = _SYSTEMD_UNIT=audiobookshelf.service
      '';
    };
  };
 }
--- a/modules/nixos/services/mealie/default.nix
+++ b/modules/nixos/services/mealie/default.nix
@ -71,5 +71,21 @@ in
        };
      };
    };
    services.fail2ban.jails = {
      mealie = ''
        enabled = true
        filter = mealie
        port = http,https
      '';
    };
    environment.etc = {
      "fail2ban/filter.d/mealie.conf".text = ''
        [Definition]
        failregex = ^.*ERROR.*Incorrect username or password from <HOST>
        journalmatch = _SYSTEMD_UNIT=mealie.service
      '';
    };
  };
 }
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@ -87,5 +87,26 @@ in
        "${config.services.nextcloud.home}/data/appdata_*/preview"
      ];
    };
    services.fail2ban.jails = {
      nextcloud = ''
        enabled = true
        filter = nextcloud
        port = http,https
      '';
    };
    environment.etc = {
      "fail2ban/filter.d/nextcloud.conf".text = ''
        [Definition]
        _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
        datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
        failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
        journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
      '';
    };
  };
 }
Author	SHA1	Message	Date
Bruno BELANYI	4e093fbff3	nixos: services: nextcloud: add fail2ban jail All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2024-09-22 01:37:34 +02:00
Bruno BELANYI	f24cf2e16d	nixos: services: audiobookshelf: add fail2ban jail	2024-09-22 01:37:34 +02:00
Bruno BELANYI	cedac6bbf4	nixos: services: mealie: add fail2ban jail	2024-09-22 01:37:34 +02:00