+2
nixos/doc/manual/release-notes/rl-2305.section.md
···- To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`.+- In `services.fail2ban`, `bantime-increment.<name>` options now default to `null` (except `bantime-increment.enable`) and are used to set the corresponding option in `jail.local` only if not `null`. Also, enforce that `bantime-increment.formula` and `bantime-increment.multipliers` are not both specified.- The default Asterisk package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`.
+38
-31
nixos/modules/services/security/fail2ban.nix
···+"bantime.increment" allows to use database for searching of previously banned ip's to increase-"bantime-increment.maxtime" is the max number of seconds using the ban time can reach (don't grows further)+"bantime.maxtime" is the max number of seconds using the ban time can reach (don't grows further)-"bantime-increment.factor" is a coefficient to calculate exponent growing of the formula or common multiplier,+"bantime.factor" is a coefficient to calculate exponent growing of the formula or common multiplier,default value of factor is 1 and with default value of formula, the ban time grows by 1, 2, 4, 8, 16 ...-"bantime-increment.formula" used by default to calculate next value of ban time, default value bellow,-"bantime-increment.multipliers" used to calculate next value of ban time instead of formula, corresponding+"bantime.multipliers" used to calculate next value of ban time instead of formula, correspondingfollowing example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count,always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours···-"bantime-increment.overalljails" (if true) specifies the search of IP in the database will be executed···+assertion = (cfg.bantime-increment.formula == null || cfg.bantime-increment.multipliers == null);+Options `services.fail2ban.bantime-increment.formula` and `services.fail2ban.bantime-increment.multipliers` cannot be both specified.warnings = mkIf (config.networking.firewall.enable == false && config.networking.nftables.enable == false) [···+${optionalString (cfg.bantime-increment.rndtime != null) "bantime.rndtime = ${cfg.bantime-increment.rndtime}"}+${optionalString (cfg.bantime-increment.maxtime != null) "bantime.maxtime = ${cfg.bantime-increment.maxtime}"}+${optionalString (cfg.bantime-increment.factor != null) "bantime.factor = ${cfg.bantime-increment.factor}"}+${optionalString (cfg.bantime-increment.formula != null) "bantime.formula = 
${cfg.bantime-increment.formula}"}+${optionalString (cfg.bantime-increment.multipliers != null) "bantime.multipliers = ${cfg.bantime-increment.multipliers}"}+${optionalString (cfg.bantime-increment.overalljails != null) "bantime.overalljails = ${boolToString cfg.bantime-increment.overalljails}"}ignoreip = 127.0.0.1/8 ${optionalString config.networking.enableIPv6 "::1"} ${concatStringsSep " " cfg.ignoreIP}
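
Review bot: the `services.fail2ban` entry in rl-2305.section.md says the `bantime-increment.<name>` options now default to `null`, but it does not say what they defaulted to before, so someone who relied on the old values cannot tell from the note what to set to keep the previous behaviour. Consider listing the previous defaults or pointing to where they can be found. The second sentence ("Also, enforce that ...") is imperative while the neighbouring entries are declarative; "It is now also enforced that ..." would read consistently.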
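
Review bot: the descriptive text in fail2ban.nix now uses fail2ban's own key names (`bantime.maxtime`, `bantime.factor`, `bantime.multipliers`) while the NixOS options and the new assertion message use `bantime-increment.*`. State once in that text that these are the `jail.local` keys the options map to, so readers do not go looking for a `bantime.maxtime` option. Since these lines are being rewritten anyway, fix the wording that is carried over: "don't grows further" should be "does not grow further", and the neighbouring "bellow" and "greater as" could be corrected in the same pass.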
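
Review bot: in the `jail.local` template lines, `rndtime`, `maxtime`, `factor`, `formula` and `multipliers` are interpolated directly (for example `"bantime.maxtime = ${cfg.bantime-increment.maxtime}"`) and only `overalljails` goes through `boolToString`, so this evaluates only if those options are string-typed; an integer given for `maxtime` or `factor` would fail to coerce to a string. Either make sure the option types are strings and say so in the descriptions, or wrap the values in `toString`. Separately, neither the `formula`/`multipliers` assertion nor these `optionalString` lines visibly reference `bantime-increment.enable`: is it intended that a non-null value is written to `jail.local` even when increment is disabled?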