refactor: split server modules into smaller more manageable files
This commit is contained in:
parent
b2e5ae1f98
commit
cdeb4e108b
49 changed files with 1519 additions and 1270 deletions
26
modules/nixos-modules/server/immich/fail2ban.nix
Normal file
26
modules/nixos-modules/server/immich/fail2ban.nix
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) {
|
||||
environment.etc = {
|
||||
"fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
|
||||
[Definition]
|
||||
failregex = immich-server.*Failed login attempt for user.+from ip address\s?<ADDR>
|
||||
journalmatch = CONTAINER_TAG=immich-server
|
||||
'');
|
||||
};
|
||||
|
||||
services.fail2ban = {
|
||||
jails = {
|
||||
immich-iptables.settings = {
|
||||
enabled = true;
|
||||
filter = "immich";
|
||||
backend = "systemd";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue