hosts/prefect/services/fail2ban.nix at f0ec6d2062b5e6f670e75a3c19b24e49f1a82bc3 · pyrox.dev/nix

pyrox.dev / nix

My Nix Configuration

nix / hosts / prefect / services / fail2ban.nix

at f0ec6d2062b5e6f670e75a3c19b24e49f1a82bc3 758 B view raw

 1{
 2  services.fail2ban = {
 3    enable = true;
 4    maxretry = 5;
 5    ignoreIP = [
 6      "4349:3909:beef::/48"
 7      "100.64.0.0/10"
 8      "127.0.0.0/8"
 9      "10.0.0.0/8"
10      "172.16.0.0/12"
11      "192.168.0.0/16"
12    ];
13    jails = {
14      postfix = {
15        filter = "postfix";
16        settings = {
17          action = "nftables";
18          port = "143,993";
19        };
20      };
21      dovecot = {
22        filter = "dovecot";
23        settings = {
24          action = "nftables";
25          port = "25,465,587";
26        };
27      };
28      # I don't use SSHd right now, but if I do, re-enable this.
29      # sshd = {
30      #   filter = "sshd";
31      #   settings = {
32      #     action = "nftables";
33      #     port = "22";
34      #   };
35      # };
36    };
37  };
38}