| author | schererleander <leander@schererleander.de> | 2025-09-22 10:42:00 +0200 |
|---|---|---|
| committer | schererleander <leander@schererleander.de> | 2025-09-22 10:42:00 +0200 |
| commit | 923fcd185ec9bbda3242f5584d4b04a9a453ccc1 (patch) | |
| tree | 1a91ba2fd29ce55f4d42192e1e8bf8095225b704 | |
| parent | ac3fd763698b5e2b98cbcab0e7a95c96188bccac (diff) | |
feat: fix fail2ban sshd settings
| -rw-r--r-- | hosts/sachiel/configuration.nix | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/hosts/sachiel/configuration.nix b/hosts/sachiel/configuration.nix
index 3d87d26..18bcae7 100644
--- a/hosts/sachiel/configuration.nix
+++ b/hosts/sachiel/configuration.nix
@@ -1,6 +1,7 @@
 {
 pkgs,
 host,
+ lib,
 username,
 ...
 }:
@@ -57,16 +58,18 @@
 services.fail2ban = {
 enable = true;
+ bantime = "1h";
 jails = {
- sshd = ''
- enabled = true
- port = 8693
- filter = sshd
- backend = systemd
- maxretry = 4
- findtime = 10m
- bantime = 1h
- '';
+ sshd = {
+ enabled = true;
+ settings = {
+ port = 8693;
+ backend = "systemd";
+ maxretry = 4;
+ findtime = "10m";
+ bantime = "1h";
+ };
+ };
 };
 };
@@ -142,7 +145,7 @@
 security.auditd.enable = true;
 networking.firewall = {
- allowPing = false;
+ allowPing = false;
 allowedTCPPorts = [
 80
 443
|
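Review bot: In the second hunk the sshd jail pins `port = 8693;` as a literal, so the ban rule only protects SSH while that number matches the port sshd actually listens on; the sshd configuration is not part of this diff, so the match cannot be checked here. A comment such as `# keep in sync with services.openssh.ports` would record the coupling, or the value could be derived from the openssh option, which would need `config` in the module arguments (the first hunk adds only `lib`). The jail-level `bantime = "1h";` also repeats the new `bantime = "1h";` set directly under `services.fail2ban`, so one of the two can be dropped to leave a single place to change. `lib` is added to the arguments in the first hunk but is not used in any hunk shown.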
