Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

added fail2ban filter for immich

Browse source
This commit is contained in:
Leyla Becker 2025-03-18 18:32:57 -05:00
parent 2a1259cbfa
commit 9bc13861b4
1 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/nixos-modules/server/fail2ban.nix
View file

@ -46,6 +46,16 @@ in {
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
'') '')
); );
"fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable (
pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
[INCLUDES]
before = common.conf
[Definition]
failregex = immich-server.*Failed login attempt for user.+from ip address\s?<ADDR>
journalmatch = CONTAINER_TAG=immich-server
'')
);
}; };
services.fail2ban = { services.fail2ban = {
@ -108,6 +118,11 @@ in {
bantime = 600; bantime = 600;
maxretry = 5; maxretry = 5;
}; };
immich-iptables.settings = lib.mkIf config.services.immich.enable {
enabled = true;
filter = "immich";
backend = "systemd";
};
# TODO; figure out if there is any fail2ban things we can do on searx # TODO; figure out if there is any fail2ban things we can do on searx
# searx-iptables.settings = lib.mkIf config.services.searx.enable {}; # searx-iptables.settings = lib.mkIf config.services.searx.enable {};
}; };