add fail2ban to nixos-vps

Dmitriy Kholkin 2025-03-07 13:03:00 +03:00
parent 1ef8a39613
commit 88b6b6e2ab
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2


@ -180,15 +180,37 @@
};
systemd.coredump.enable = false;
# Users
services.openssh = {
enable = true;
settings.LogLevel = "VERBOSE";
settings.PasswordAuthentication = false;
settings.PermitRootLogin = lib.mkForce "prohibit-password";
settings.X11Forwarding = false;
extraConfig = "StreamLocalBindUnlink yes";
ports = [ 22 ];
ports = [ 32323 ];
};
services.fail2ban = {
enable = true;
maxretry = 3;
bantime = "2h";
bantime-increment = {
enable = true;
maxtime = "72h";
overalljails = true;
};
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
jails = {
sshd.settings = {
backend = "systemd";
mode = "aggressive";
};
};
};
# Users
users.mutableUsers = false;
users.users = {
${config.mainuser} = {
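Review bot: The `ignoreIP` list in `services.fail2ban` exempts all three RFC 1918 ranges, so any client that reaches sshd from a private address is never banned. On a VPS that may include a provider-internal network, a VPN or a container bridge, none of which are visible in this hunk. If the exemption is meant for one management network, list only that subnet, e.g. `ignoreIP = [ "<management-subnet-CIDR>" ];`, or state the reason in a comment such as `# private ranges are exempt: only trusted hosts reach this VPS from them`. Separately, `mode = "aggressive"` with `maxretry = 3` and incremental bans up to `72h` makes it easier to lock out the administrator's own public address, which is not in `ignoreIP`, so it is worth confirming that out-of-band console access exists.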