{ config, pkgs, ... }:

with pkgs.lib;

let
  cfg = config.r6d.config-generator;

  ignoreip = "pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16";
  destemail = "admins@dubronetwork.fr";

in {
  # Gestion de fail2ban
  
  services = mkIf cfg.fail2ban {
    fail2ban = {
      enable = true;
      jails = {
        DEFAULT = ''
          # "ignoreip" can be an IP address, a CIDR mask or a DNS host
          ignoreip = 127.0.0.1/8 ${ignoreip}

          # 1 jour
          # bantime  = 86400
          # 5 jours 
          bantime  = 432000

          maxretry = 3

          destemail = ${destemail}
        '';
        ssh-route = ''
          filter   = sshd
          action   = route[blocktype=blackhole]
          maxretry = 3
        '';
      };
    };
  };
}