diff --git a/activation-manuelle/fail2ban.nix b/activation-manuelle/fail2ban.nix
new file mode 100644
index 0000000..2340d60
--- /dev/null
+++ b/activation-manuelle/fail2ban.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+ # Gestion de fail2ban
+
+ services = pkgs.lib.mkIf config.r6d.config-generator.fail2ban {
+ fail2ban = {
+ enable = true;
+ jails = {
+ DEFAULT = ''
+ # "ignoreip" can be an IP address, a CIDR mask or a DNS host
+ ignoreip = 127.0.0.1/8 pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16
+
+ # 1 jour
+ # bantime = 86400
+ # 5 jours
+ bantime = 432000
+ maxretry = 3
+
+ #
+ # Destination email address used solely for the interpolations in
+ # jail.{conf,local} configuration files.
+ destemail = admins@dubronetwork.fr
+ '';
+ ssh-route = ''
+ filter = sshd
+ action = route[blocktype=blackhole]
+ maxretry = 3
+ '';
+ };
+ };
+ };
+}
diff --git a/config-generator.nix b/config-generator.nix
index 44c2e52..1898e31 100644
--- a/config-generator.nix
+++ b/config-generator.nix
@@ -12,6 +12,7 @@ in
 imports = [
 ./activation-manuelle/auto-upgrade.nix
 ./activation-manuelle/locate.nix
+ ./activation-manuelle/fail2ban.nix
 ./activation-manuelle/nix-serve-client.nix
 ./activation-manuelle/nix-serve-server.nix
 ./activation-manuelle/swap.nix
@@ -38,6 +39,7 @@ in
 enable = mkEnableOption "Génération de la configuration d'une machine.";
 auto-upgrade = mkEnableOption "Profil pour activer les mises à jour automatiques.";
 docker = mkEnableOption "Profil pour l'utilisation de Docker.";
+ fail2ban = mkEnableOption "Profil pour activer Fail2ban.";
 jeux = mkEnableOption "Profil pour les jeux vidéos.";
 laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables..";
 locate = mkEnableOption "Profil pour activer la fonction locate.";
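Review bot: The `ignoreip` line in the DEFAULT section whitelists four DNS hostnames (`pedro.dubronetwork.fr`, `cube.dubronetwork.fr`, `voyage.prunetwork.fr`, `xray.prunetwork.fr`); fail2ban has to resolve these, so the effective whitelist is whatever those names point to at resolution time — control of those zones or a poisoned resolver exempts an arbitrary address from banning, and a failed lookup silently drops the entry. Prefer the literal addresses, or if the names must stay, record the expected address behind each in a comment so drift is noticeable. `172.16.0.0/16` covers only 172.16.x.x; if the whole RFC 1918 block was intended that is `172.16.0.0/12`, though as written it merely whitelists less, which is the safer direction. The `ssh-route` jail's `route[blocktype=blackhole]` action blackholes all traffic to the banned address, not only SSH, for the 5-day `bantime` set in DEFAULT, so a host missing from `ignoreip` would lose every service on the first three failed logins; a comment such as `# blackhole route drops ALL traffic to the banned IP for the full bantime (5 days), not just SSH` would make that trade-off visible to the next maintainer. Whether `findtime`, `backend` and `enabled` still come from the NixOS module's own DEFAULT after this override depends on how the module merges the `jails` option, which is not visible here — worth confirming with `fail2ban-client status ssh-route` after activation.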