moved home-assistant fail2ban config to its own module
parent
92839b4603
commit
2fb56dc296
2 changed files with 34 additions and 24 deletions
|
@ -16,20 +16,6 @@ in {
|
||||||
failregex = "limiting requests, excess:.* by zone.*client: <HOST>"
|
failregex = "limiting requests, excess:.* by zone.*client: <HOST>"
|
||||||
'')
|
'')
|
||||||
);
|
);
|
||||||
# "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable (
|
|
||||||
# pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
|
|
||||||
# [INCLUDES]
|
|
||||||
# before = common.conf
|
|
||||||
|
|
||||||
# [Definition]
|
|
||||||
# failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from <HOST>.*$
|
|
||||||
|
|
||||||
# ignoreregex =
|
|
||||||
|
|
||||||
# [Init]
|
|
||||||
# datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
|
|
||||||
# '')
|
|
||||||
# );
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fail2ban = {
|
services.fail2ban = {
|
||||||
|
@ -61,16 +47,6 @@ in {
|
||||||
bantime = 600;
|
bantime = 600;
|
||||||
maxretry = 5;
|
maxretry = 5;
|
||||||
};
|
};
|
||||||
home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable {
|
|
||||||
enabled = true;
|
|
||||||
filter = "hass";
|
|
||||||
action = ''iptables-multiport[name=HTTP, port="http,https"]'';
|
|
||||||
logpath = "${config.services.home-assistant.configDir}/*.log";
|
|
||||||
backend = "auto";
|
|
||||||
findtime = 600;
|
|
||||||
bantime = 600;
|
|
||||||
maxretry = 5;
|
|
||||||
};
|
|
||||||
# TODO; figure out if there is any fail2ban things we can do on searx
|
# TODO; figure out if there is any fail2ban things we can do on searx
|
||||||
# searx-iptables.settings = lib.mkIf config.services.searx.enable {};
|
# searx-iptables.settings = lib.mkIf config.services.searx.enable {};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
|
pkgs,
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
|
@ -155,6 +156,39 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
|
(lib.mkIf config.services.fail2ban.enable {
|
||||||
|
environment.etc = {
|
||||||
|
"fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable (
|
||||||
|
pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
|
||||||
|
[INCLUDES]
|
||||||
|
before = common.conf
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from <HOST>.*$
|
||||||
|
|
||||||
|
ignoreregex =
|
||||||
|
|
||||||
|
[Init]
|
||||||
|
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
|
||||||
|
'')
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
services.fail2ban = {
|
||||||
|
jails = {
|
||||||
|
home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable {
|
||||||
|
enabled = true;
|
||||||
|
filter = "hass";
|
||||||
|
action = ''iptables-multiport[name=HTTP, port="http,https"]'';
|
||||||
|
logpath = "${config.services.home-assistant.configDir}/*.log";
|
||||||
|
backend = "auto";
|
||||||
|
findtime = 600;
|
||||||
|
bantime = 600;
|
||||||
|
maxretry = 5;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
(lib.mkIf config.host.impermanence.enable {
|
(lib.mkIf config.host.impermanence.enable {
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
|
|
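Review bot: The `home-assistant-iptables` jail bans only the `http,https` ports (`action = ''iptables-multiport[name=HTTP, port="http,https"]'';`), so a banned client can still reach Home Assistant on any other exposed port, including its own listener if that is open in the firewall; `action = ''iptables-allports[name=HASS]'';` would cover every port. If Home Assistant sits behind a reverse proxy, the address in the matched log line is the proxy's unless `use_x_forwarded_for` and `trusted_proxies` are set in its `http` section, so `<HOST>` would never be the real client; that configuration is not visible in this hunk and is worth confirming. `logpath` is a glob over `configDir`, and fail2ban refuses to start a file-backed jail whose logpath matches no file, so activation can fail on a host where Home Assistant has not yet written a log. On style, the filter text uses `pkgs.lib.mkDefault (pkgs.lib.mkAfter …)` while the rest of the block uses `lib.`; using `lib.mkDefault`/`lib.mkAfter` would make the added `pkgs` argument unnecessary as far as this hunk shows.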