refactor: moved nixos modules to dendrite pattern

2026-04-07 15:39:45 -05:00 · 2026-04-07 15:39:45 -05:00 · 0ea11e0236
commit 0ea11e0236
parent df8dd110ad
219 changed files with 4802 additions and 4820 deletions
--- a/modules/nixos/programs/immich/fail2ban.nix
+++ b/modules/nixos/programs/immich/fail2ban.nix
@ -0,0 +1,37 @@
+{...}: {
+  flake.nixosModules.immich-fail2ban = {
+    lib,
+    config,
+    pkgs,
+    ...
+  }: {
+    options.services.immich = {
+      fail2ban = {
+        enable = lib.mkOption {
+          type = lib.types.bool;
+          default = config.services.fail2ban.enable && config.services.immich.enable;
+        };
+      };
+    };
+
+    config = lib.mkIf config.services.immich.fail2ban.enable {
+      environment.etc = {
+        "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+          [Definition]
+          failregex = immich-server.*Failed login attempt for user.+from ip address\s?<ADDR>
+          journalmatch = CONTAINER_TAG=immich-server
+        '');
+      };
+
+      services.fail2ban = {
+        jails = {
+          immich-iptables.settings = {
+            enabled = true;
+            filter = "immich";
+            backend = "systemd";
+          };
+        };
+      };
+    };
+  };
+}