{ config, pkgs, ... }:

with pkgs.lib;

let
  cfg = config.r6d.config-generator;
in {
  # Gestion de fail2ban
  
  services = mkIf cfg.fail2ban {
    fail2ban = {
      enable = true;
      jails = {
        DEFAULT = ''
          # "ignoreip" can be an IP address, a CIDR mask or a DNS host
          ignoreip = 127.0.0.1/8 pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16

          # 1 jour
          # bantime  = 86400
          # 5 jours 
          bantime  = 432000
          maxretry = 3

          #
          # Destination email address used solely for the interpolations in
          # jail.{conf,local} configuration files.
          destemail = admins@dubronetwork.fr
        '';
        ssh-route = ''
          filter   = sshd
          action   = route[blocktype=blackhole]
          maxretry = 3
        '';
      };
    };
  };
}