diff --git a/hosts/common/configs/system/fail2ban/default.nix b/hosts/common/configs/system/fail2ban/default.nix
new file mode 100644
index 0000000..b5dcf82
--- /dev/null
+++ b/hosts/common/configs/system/fail2ban/default.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+ environment.persistence."/persist/state"."/var/lib/fail2ban" = { };
+
+ services.fail2ban = {
+ enable = true;
+ bantime = "24h";
+ bantime-increment = {
+ enable = true;
+ maxtime = "720h";
+ overalljails = true;
+ };
+ };
+}
diff --git a/hosts/common/configs/system/sshd/default.nix b/hosts/common/configs/system/sshd/default.nix
index 1c056c0..1eafaa2 100644
--- a/hosts/common/configs/system/sshd/default.nix
+++ b/hosts/common/configs/system/sshd/default.nix
@@ -1,31 +1,15 @@
 { pkgs, ... }:
 {
- environment = {
- systemPackages = with pkgs; [
- kitty.terminfo
- tmux.terminfo
- ];
+ environment.systemPackages = with pkgs; [
+ kitty.terminfo
+ tmux.terminfo
+ ];
 
- persistence."/persist/state"."/var/lib/fail2ban" = { };
- };
-
- services = {
- openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = false;
- PrintMotd = false;
- };
- };
-
- fail2ban = {
- enable = true;
- bantime = "24h";
- bantime-increment = {
- enable = true;
- maxtime = "720h";
- overalljails = true;
- };
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PrintMotd = false;
 };
 };
 }
diff --git a/hosts/jupiter-vps/configs/podman/prometheus/default.nix b/hosts/jupiter-vps/configs/podman/prometheus/default.nix
index 45ee7aa..afa5196 100644
--- a/hosts/jupiter-vps/configs/podman/prometheus/default.nix
+++ b/hosts/jupiter-vps/configs/podman/prometheus/default.nix
@@ -8,7 +8,6 @@ in
 networking.firewall.interfaces.wg0.allowedTCPPorts = [
 9100
 9882
- 9191
 ];
 
 virtualisation.quadlet.containers = {
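Review bot: In the new `fail2ban/default.nix`, `services.fail2ban` enables `bantime-increment` with `maxtime = "720h"` and `overalljails = true` but sets no `ignoreIP`, so a trusted address that repeatedly trips a jail escalates toward a 30-day ban, with earlier bans from any jail counted. Consider allow-listing the management network, e.g. `ignoreIP = [ "<management-subnet-cidr>" ];` (placeholder; the subnet is not shown in this diff). The `environment.persistence` line would also benefit from a comment such as `# Keep the ban database across reboots; bantime-increment needs the history to escalate repeat offenders.`, which is presumably why `/var/lib/fail2ban` is persisted.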
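Review bot: After this hunk `sshd/default.nix` no longer enables fail2ban, so a host that imports only the sshd module runs sshd without brute-force banning unless it also pulls in the new `fail2ban/default.nix`. The diff shows no change to any import list, so that wiring should be confirmed; it may be automatic if the directory is auto-imported. Separately, `settings` disables `PasswordAuthentication` but does not touch keyboard-interactive authentication; if that is not set elsewhere, adding `KbdInteractiveAuthentication = false;` closes the remaining PAM password path.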
@@ -55,11 +54,5 @@ in
 volumes = [ "/run/podman/podman.sock:/run/podman/podman.sock:ro" ];
 exec = [ "--collector.enable-all" ];
 };
-
- prometheus-fail2ban-exporter.containerConfig = {
- image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";
- publishPorts = [ "9191:9191/tcp" ];
- volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
- };
 };
 }
diff --git a/hosts/jupiter/users/storm/configs/console/podman/prometheus/default.nix b/hosts/jupiter/users/storm/configs/console/podman/prometheus/default.nix
index 86023ee..f2c6aa8 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/prometheus/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/prometheus/default.nix
@@ -62,12 +62,6 @@ in
 exec = [ "--collector.enable-all" ];
 };
 
- prometheus-fail2ban-exporter.containerConfig = {
- image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";
- publishPorts = [ "9191:9191/tcp" ];
- volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
- };
-
 prometheus-smartctl-exporter.containerConfig = {
 image = "docker-archive:${selfPkgs.docker-prometheus-smartctl-exporter}";
 publishPorts = [ "9633:9633/tcp" ];
@@ -169,19 +163,6 @@ in
 }
 ];
 }
- {
- job_name = "${hostname}-fail2ban-exporter";
- static_configs = [
- {
- targets = [ "host.containers.internal:9191" ];
- labels = {
- app = "fail2ban-exporter";
- user = "root";
- inherit hostname;
- };
- }
- ];
- }
 {
 job_name = "${hostname}-smartctl-exporter";
 static_configs = [
@@ -221,19 +202,6 @@ in
 }
 ];
 }
- {
- job_name = "${jupiterVpsHostname}-fail2ban-exporter";
- static_configs = [
- {
- targets = [ "10.0.0.1:9191" ];
- labels = {
- app = "fail2ban-exporter";
- user = "root";
- hostname = jupiterVpsHostname;
- };
- }
- ];
- }
 ];
 };
 in