From 55ae36e0172703251213a64ad9953cdde92a062f Mon Sep 17 00:00:00 2001 From: xqtc Date: Wed, 17 Jul 2024 13:01:09 +0200 Subject: [PATCH] add fail2ban --- flake.lock | 32 ++++++++++++------------- hosts/x86_64-linux/beleth/default.nix | 1 + hosts/x86_64-linux/beleth/fail2ban.nix | 14 +++++++++++ hosts/x86_64-linux/beleth/nextcloud.nix | 8 +++---- 4 files changed, 35 insertions(+), 20 deletions(-) create mode 100644 hosts/x86_64-linux/beleth/fail2ban.nix diff --git a/flake.lock b/flake.lock index a0ae8f6..207f8d6 100644 --- a/flake.lock +++ b/flake.lock @@ -89,11 +89,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1721102596, - "narHash": "sha256-NwkxySooO4c+0AmWz+199HKB7cyZAOuzdqwDyYYJrow=", + "lastModified": 1721188984, + "narHash": "sha256-muLvm4TcNtZtbC71vWpJT84do8xxcX2JDbwZ/GBCbIM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "2004d4c0218505901d8fad29948f1a1191f658f6", + "rev": "fe4e311097bb57450231e603d7a99f96d147e456", "type": "gitlab" }, "original": { @@ -344,11 +344,11 @@ ] }, "locked": { - "lastModified": 1720734513, - "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", + "lastModified": 1721135958, + "narHash": "sha256-H548rpPMsn25LDKn1PCFmPxmWlClJJGnvdzImHkqjuY=", "owner": "nix-community", "repo": "home-manager", - "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", + "rev": "afd2021bedff2de92dfce0e257a3d03ae65c603d", "type": "github" }, "original": { @@ -419,11 +419,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1720270372, - "narHash": "sha256-G5iteuo2gobI0Y5jHNEBc6UN9ixjwj6zopPKi7bJBE4=", + "lastModified": 1721151247, + "narHash": "sha256-m6LmfrUMpt1ZUX3eqB7Gp+ZV6sAWPqkATwZNvA7Bj9U=", "owner": "viperML", "repo": "nh", - "rev": "7f8a1859ed6ea971fcf49b07ca8938e3000c3af4", + "rev": "168c7ceea2b8d6208cf32de9eb8effa9c008b40d", "type": "github" }, "original": { @@ -544,11 +544,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1721124769, - "narHash": "sha256-TsPEod+7+A2LqUb/8oZCGFx67BBqBmNfxPzkMXUhIy0=", + "lastModified": 1721210484, + "narHash": "sha256-QppHmSS4JGlKHuZku1M8rvkUcosi8GRSrWa/hFAzF80=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "69367538edc76e4b7fc27e68cf66f03a37ccdfa0", + "rev": "e5e12391d9dd8a351562938b6cf3fa215a34a2ac", "type": "github" }, "original": { @@ -592,16 +592,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1719663039, - "narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=", + "lastModified": 1720954236, + "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119", + "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } diff --git a/hosts/x86_64-linux/beleth/default.nix b/hosts/x86_64-linux/beleth/default.nix index c310b22..a0c8951 100644 --- a/hosts/x86_64-linux/beleth/default.nix +++ b/hosts/x86_64-linux/beleth/default.nix @@ -12,6 +12,7 @@ with lib; { ./jellyfin.nix ./calibre-web.nix ./transmission.nix + ./fail2ban.nix ./lanrarari.nix ./uptime.nix ./networking.nix diff --git a/hosts/x86_64-linux/beleth/fail2ban.nix b/hosts/x86_64-linux/beleth/fail2ban.nix new file mode 100644 index 0000000..303b5db --- /dev/null +++ b/hosts/x86_64-linux/beleth/fail2ban.nix @@ -0,0 +1,14 @@ +{config, lib, ...}: +{ + services.fail2ban = { + enable = true; + maxretry = 3; + bantime-increment = { + enable = true; + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + # multipliers = "1 2 4 8 16 32 64"; + maxtime = "336h"; + overalljails = true; + }; + }; +} diff --git a/hosts/x86_64-linux/beleth/nextcloud.nix b/hosts/x86_64-linux/beleth/nextcloud.nix index 95a11cc..b4f4cce 100644 --- a/hosts/x86_64-linux/beleth/nextcloud.nix +++ b/hosts/x86_64-linux/beleth/nextcloud.nix @@ -56,13 +56,13 @@ (config.services.nextcloud.package.packages.apps) contacts calendar - notes - previewgenerator + # notes + previewgenerator ; recognize = pkgs.fetchNextcloudApp { - sha256 = "sha256-hg8uY7cvdYnmEh6vKC36vkORDC+MSZA8lFqGQK2RbkE="; - url = "https://github.com/nextcloud/recognize/releases/download/v7.0.2/recognize-7.0.2.tar.gz"; + sha256 = "sha256-7qp9UbUcMwBNdGixaR0BAigMAtlyCAN39WxqHbsFVGE="; + url = "https://github.com/nextcloud/recognize/releases/download/v7.0.0/recognize-7.0.0.tar.gz"; license = "agpl3Only"; }; };