Disable fail2ban
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
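--- /dev/null
+++ b/hosts/common/configs/system/fail2ban/default.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+environment.persistence."/persist/state"."/var/lib/fail2ban" = { };
+
+services.fail2ban = {
+enable = true;
+bantime = "24h";
+bantime-increment = {
+enable = true;
+maxtime = "720h";
+overalljails = true;
+};
+};
+}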
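Review bot: The new module still sets `services.fail2ban.enable = true;`, which reads oddly under a commit titled "Disable fail2ban". Presumably the file is parked and no longer imported by any host, but nothing in the file says so. A header comment such as `# Not imported by default; add this module to a host's imports to turn fail2ban back on.` would stop a later reader from assuming banning is active just because the file exists. If the module is re-enabled, `bantime-increment` with `maxtime = "720h"` and `overalljails = true` has no `ignoreIP` allowlist here, so a trusted management address could be locked out for up to 30 days.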
@@ -1,31 +1,15 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
kitty.terminfo
|
||||
tmux.terminfo
|
||||
];
|
||||
environment.systemPackages = with pkgs; [
|
||||
kitty.terminfo
|
||||
tmux.terminfo
|
||||
];
|
||||
|
||||
persistence."/persist/state"."/var/lib/fail2ban" = { };
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PrintMotd = false;
|
||||
};
|
||||
};
|
||||
|
||||
fail2ban = {
|
||||
enable = true;
|
||||
bantime = "24h";
|
||||
bantime-increment = {
|
||||
enable = true;
|
||||
maxtime = "720h";
|
||||
overalljails = true;
|
||||
};
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PrintMotd = false;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
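Review bot: With fail2ban dropped from this common module, the only sshd hardening visible in the remaining `services.openssh.settings` block is `PasswordAuthentication = false;`. Keyboard-interactive authentication is a separate sshd option, and unless it is turned off elsewhere in the configuration, PAM can still offer password prompts through it, now with nothing banning repeated failures. I would add `KbdInteractiveAuthentication = false;` next to it, and a short comment stating that brute-force banning is intentionally off and that key-only authentication is the compensating control. The file's path is not shown on this page, so which hosts import it is not visible from here.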
@@ -8,7 +8,6 @@ in
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [
|
||||
9100
|
||||
9882
|
||||
9191
|
||||
];
|
||||
|
||||
virtualisation.quadlet.containers = {
|
||||
@@ -55,11 +54,5 @@ in
|
||||
volumes = [ "/run/podman/podman.sock:/run/podman/podman.sock:ro" ];
|
||||
exec = [ "--collector.enable-all" ];
|
||||
};
|
||||
|
||||
prometheus-fail2ban-exporter.containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";
|
||||
publishPorts = [ "9191:9191/tcp" ];
|
||||
volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@@ -62,12 +62,6 @@ in
|
||||
exec = [ "--collector.enable-all" ];
|
||||
};
|
||||
|
||||
prometheus-fail2ban-exporter.containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";
|
||||
publishPorts = [ "9191:9191/tcp" ];
|
||||
volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
|
||||
};
|
||||
|
||||
prometheus-smartctl-exporter.containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-prometheus-smartctl-exporter}";
|
||||
publishPorts = [ "9633:9633/tcp" ];
|
||||
@@ -169,19 +163,6 @@ in
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "${hostname}-fail2ban-exporter";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "host.containers.internal:9191" ];
|
||||
labels = {
|
||||
app = "fail2ban-exporter";
|
||||
user = "root";
|
||||
inherit hostname;
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "${hostname}-smartctl-exporter";
|
||||
static_configs = [
|
||||
@@ -221,19 +202,6 @@ in
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "${jupiterVpsHostname}-fail2ban-exporter";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "10.0.0.1:9191" ];
|
||||
labels = {
|
||||
app = "fail2ban-exporter";
|
||||
user = "root";
|
||||
hostname = jupiterVpsHostname;
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
|