nix-config/hosts/sisyphe/features/fail2ban.nix

{ config, ... }:
{
  services.fail2ban = {
    enable = true;
    ignoreIP = [ "192.168.1.0/24" ];
    extraPackages = [ ];
    jails = {
      nextcloud = ''
        enabled = true;
        filter = nextcloud
        port = http,https
      '';
     };
  };

  environment.etc = {
      "fail2ban/filter.d/nextcloud.conf".text = ''
        [Definition]
        _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
        datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
        failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
        journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
      '';
    };

}
(refactor): preparing new hosts 2024-08-16 16:42:55 +02:00			`{ config, ... }:`
			`{`
			`services.fail2ban = {`
			`enable = true;`
			`ignoreIP = [ "192.168.1.0/24" ];`
			`extraPackages = [ ];`
fix: fail2ban config & try to fix extraApps problem 2024-12-27 14:25:14 +01:00			`jails = {`
			`nextcloud = ''`
			`enabled = true;`
			`filter = nextcloud`
			`port = http,https`
			`'';`
			`};`
(refactor): preparing new hosts 2024-08-16 16:42:55 +02:00			`};`
fix: fail2ban config & try to fix extraApps problem 2024-12-27 14:25:14 +01:00
			`environment.etc = {`
			`"fail2ban/filter.d/nextcloud.conf".text = ''`
			`[Definition]`
			`_groupsre = (?:(?:,?\s"\w+":(?:"[^"]+"\|\w+)))`
			`datepattern = ,?\s"time"\s:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"`
			`failregex = ^[^{]\{%(_groupsre)s,?\s"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:`
			`^[^{]\{%(_groupsre)s,?\s"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.`
			`^[^{]\{%(_groupsre)s,?\s"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:`
			`journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service`
			`'';`
			`};`

(refactor): preparing new hosts 2024-08-16 16:42:55 +02:00			`}`