feat: add backup for server

danny 2025-09-28 12:37:26 +08:00
parent 20ee47caa2
commit f7409e0537
14 changed files with 256 additions and 165 deletions


@ -3,7 +3,6 @@
...
}:
{
services.fail2ban = {
enable = true;
maxretry = 5;
@ -18,38 +17,34 @@
maxtime = "1y";
overalljails = true;
};
jails =
let
nginxLogPath = "/var/log/nginx/error.log*";
in
{
sshd.settings = {
logPath = "";
filter = "sshd";
action = ''nftables-multiport[name="sshd", port="ssh,30072"]'';
backend = "systemd";
findtime = 600;
bantime = 600;
maxretry = 5;
};
nginx-error-common.settings = {
logPath = nginxLogPath;
filter = "nginx-error-common";
action = ''nftables-multiport[name=HTTP, port="http,https"]'';
backend = "auto";
findtime = 600;
bantime = 600;
maxretry = 5;
};
nginx-forbidden.settings = {
logPath = nginxLogPath;
filter = "nginx-forbidden";
action = ''nftables-multiport[name=HTTP, port="http,https"]'';
backend = "auto";
findtime = 600;
bantime = 600;
maxretry = 5;
};
jails = {
sshd.settings = {
logPath = "";
filter = "sshd";
action = ''nftables-multiport[name="sshd", port="ssh,30072"]'';
backend = "systemd";
findtime = 600;
bantime = 600;
maxretry = 5;
};
nginx-error-common.settings = {
logPath = "";
filter = "nginx-error-common";
action = ''nftables-multiport[name=HTTP, port="http,https"]'';
backend = "systemd";
findtime = 600;
bantime = 600;
maxretry = 5;
};
nginx-forbidden.settings = {
logPath = "";
filter = "nginx-forbidden";
action = ''nftables-multiport[name=HTTP, port="http,https"]'';
backend = "systemd";
findtime = 600;
bantime = 600;
maxretry = 5;
};
};
};
}
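Review bot: The `nginx-error-common` and `nginx-forbidden` jails now read from the journal (`backend = "systemd"` with an empty `logPath`), and nothing visible in this section scopes them to nginx's own log stream the way the old `/var/log/nginx/error.log*` path did. If the filters of those names (defined outside this section) do not set a `journalmatch`, fail2ban will evaluate their failregex against every journal entry, so a matching line written by any other service or local account could count toward a ban; consider adding `journalmatch = "_SYSTEMD_UNIT=nginx.service + _COMM=nginx";` to both settings blocks. The jails also assume nginx sends its error log to the journal and will quietly match nothing if `error_log` points at a file, so a short comment stating that assumption would help, and `fail2ban-client status nginx-forbidden` after deploy confirms the jail is actually seeing entries.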