nekomimi.pet / nixcfg
my nix configs for my servers and desktop
fork atom

remove jail

nekomimi.pet f133e8f1 706355fd

options
unified split
Changed files
-42
hosts
baal
default.nix
buer
default.nix
valefar
default.nix
-14
hosts/baal/default.nix 
···

       
47

       
 

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       
48

       
 

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       
49

       
 

       
    };


     

       
50

       
-

       
    jails = {


     

       
51

       
-

       
      apache-nohome-iptables.settings = {


     

       
52

       
-

       
        # Block an IP address if it accesses a non-existent


     

       
53

       
-

       
        # home directory more than 5 times in 10 minutes,


     

       
54

       
-

       
        # since that indicates that it's scanning.


     

       
55

       
-

       
        filter = "apache-nohome";


     

       
56

       
-

       
        action = ''iptables-multiport[name=HTTP, port="http,https"]'';


     

       
57

       
-

       
        logpath = "/var/log/httpd/error_log*";


     

       
58

       
-

       
        backend = "auto";


     

       
59

       
-

       
        findtime = 600;


     

       
60

       
-

       
        bantime  = 600;


     

       
61

       
-

       
        maxretry = 5;


     

       
62

       
-

       
      };


     

       
63

       
-

       
    };


     

       
64

       
 

       
  };


     

       
65

       
 

       



     

       
66

       
 

       
  virtualisation.docker = {


     
···

       
47

       
 

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       
48

       
 

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       
49

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
50

       
 

       
  };


     

       
51

       
 

       



     

       
52

       
 

       
  virtualisation.docker = {
-14
hosts/buer/default.nix 
···

       
80

       
 

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       
81

       
 

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       
82

       
 

       
    };


     

       
83

       
-

       
    jails = {


     

       
84

       
-

       
      apache-nohome-iptables.settings = {


     

       
85

       
-

       
        # Block an IP address if it accesses a non-existent


     

       
86

       
-

       
        # home directory more than 5 times in 10 minutes,


     

       
87

       
-

       
        # since that indicates that it's scanning.


     

       
88

       
-

       
        filter = "apache-nohome";


     

       
89

       
-

       
        action = ''iptables-multiport[name=HTTP, port="http,https"]'';


     

       
90

       
-

       
        logpath = "/var/log/httpd/error_log*";


     

       
91

       
-

       
        backend = "auto";


     

       
92

       
-

       
        findtime = 600;


     

       
93

       
-

       
        bantime  = 600;


     

       
94

       
-

       
        maxretry = 5;


     

       
95

       
-

       
      };


     

       
96

       
-

       
    };


     

       
97

       
 

       
  };


     

       
98

       
 

       



     

       
99

       
 

       
  # Static IP configuration via systemd-networkd


     
···

       
80

       
 

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       
81

       
 

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       
82

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
83

       
 

       
  };


     

       
84

       
 

       



     

       
85

       
 

       
  # Static IP configuration via systemd-networkd
-14
hosts/valefar/default.nix 
···

       
276

       
 

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       
277

       
 

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       
278

       
 

       
    };


     

       
279

       
-

       
    jails = {


     

       
280

       
-

       
      apache-nohome-iptables.settings = {


     

       
281

       
-

       
        # Block an IP address if it accesses a non-existent


     

       
282

       
-

       
        # home directory more than 5 times in 10 minutes,


     

       
283

       
-

       
        # since that indicates that it's scanning.


     

       
284

       
-

       
        filter = "apache-nohome";


     

       
285

       
-

       
        action = ''iptables-multiport[name=HTTP, port="http,https"]'';


     

       
286

       
-

       
        logpath = "/var/log/httpd/error_log*";


     

       
287

       
-

       
        backend = "auto";


     

       
288

       
-

       
        findtime = 600;


     

       
289

       
-

       
        bantime  = 600;


     

       
290

       
-

       
        maxretry = 5;


     

       
291

       
-

       
      };


     

       
292

       
-

       
    };


     

       
293

       
 

       
  };


     

       
294

       
 

       



     

       
295

       
 

       
  # =============================================================================


     
···

       
276

       
 

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       
277

       
 

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       
278

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
279

       
 

       
  };


     

       
280

       
 

       



     

       
281

       
 

       
  # =============================================================================