sapphic.moe / flake
❄️ Dotfiles for our NixOS system configuration.
fork atom

fix(services:fail2ban): property names

Chloe 4ba7cb4f becd1626

options
unified split
Changed files
+3 -3
services
fail2ban
default.nix
+3 -3
services/fail2ban/default.nix 
···

       
43

       
 

       
    # Jails for protecting various services


     

       
44

       
 

       
    jails = {


     

       
45

       
 

       
      # SSH protection - monitor failed login attempts


     

       
46

       
-

       
      sshd = {


     

       
47

       
 

       
        enabled = true;


     

       
48

       
 

       
        port = "ssh";


     

       
49

       
 

       
        filter = "sshd";


     
···

       
59

       
 

       
      };


     

       
60

       
 

       



     

       
61

       
 

       
      # Caddy HTTP/HTTPS protection - monitor for repeated 4xx/5xx errors


     

       
62

       
-

       
      caddy-http = {


     

       
63

       
 

       
        enabled = true;


     

       
64

       
 

       
        port = "http,https";


     

       
65

       
 

       
        filter = "caddy-http";


     
···

       
75

       
 

       
      };


     

       
76

       
 

       



     

       
77

       
 

       
      # Rate-based protection - ban on excessive requests


     

       
78

       
-

       
      caddy-ratelimit = {


     

       
79

       
 

       
        enabled = true;


     

       
80

       
 

       
        port = "http,https";


     

       
81

       
 

       
        filter = "caddy-ratelimit";


     
···

       
43

       
 

       
    # Jails for protecting various services


     

       
44

       
 

       
    jails = {


     

       
45

       
 

       
      # SSH protection - monitor failed login attempts


     

       
46

       
+

       
      sshd.settings = {


     

       
47

       
 

       
        enabled = true;


     

       
48

       
 

       
        port = "ssh";


     

       
49

       
 

       
        filter = "sshd";


     
···

       
59

       
 

       
      };


     

       
60

       
 

       



     

       
61

       
 

       
      # Caddy HTTP/HTTPS protection - monitor for repeated 4xx/5xx errors


     

       
62

       
+

       
      caddy-http.settings = {


     

       
63

       
 

       
        enabled = true;


     

       
64

       
 

       
        port = "http,https";


     

       
65

       
 

       
        filter = "caddy-http";


     
···

       
75

       
 

       
      };


     

       
76

       
 

       



     

       
77

       
 

       
      # Rate-based protection - ban on excessive requests


     

       
78

       
+

       
      caddy-ratelimit.settings = {


     

       
79

       
 

       
        enabled = true;


     

       
80

       
 

       
        port = "http,https";


     

       
81

       
 

       
        filter = "caddy-ratelimit";