feat: Added fail2ban
This commit is contained in:
uttarayan21
@@ -18,15 +18,22 @@
|
|||||||
# instances.darksailor = {
|
# instances.darksailor = {
|
||||||
# enable = false;
|
# enable = false;
|
||||||
# settings = {
|
# settings = {
|
||||||
# # server = {
|
# authentication_backend = {
|
||||||
# # address = "unix:///run/authelia/authelia.sock";
|
# password_reset.disable = false;
|
||||||
# # };
|
# file = {};
|
||||||
# # session.domain = "auth.darksailor.dev";
|
# };
|
||||||
# access_control = {
|
# access_control = {
|
||||||
# rules = {
|
# default_policy = "one_factor";
|
||||||
|
# };
|
||||||
|
# storage = {
|
||||||
|
# local = {
|
||||||
|
# path = "/var/lib/authelia/darksailor.sqlite3";
|
||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
# storage = "local";
|
# theme = "dark";
|
||||||
|
# server = {
|
||||||
|
# address = "127.0.0.1:5555";
|
||||||
|
# };
|
||||||
# };
|
# };
|
||||||
# secrets = {
|
# secrets = {
|
||||||
# jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
|
# jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
|
||||||
@@ -34,6 +41,29 @@
|
|||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
|
fail2ban = {
|
||||||
|
enable = true;
|
||||||
|
bantime = "24h"; # Ban IPs for one day on the first ban
|
||||||
|
bantime-increment = {
|
||||||
|
enable = true; # Enable increment of bantime after each violation
|
||||||
|
# formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
|
||||||
|
multipliers = "1 2 4 8 16 32 64";
|
||||||
|
maxtime = "168h"; # Do not ban for more than 1 week
|
||||||
|
overalljails = true; # Calculate the bantime based on all the violations
|
||||||
|
};
|
||||||
|
jails.apache-nohome-iptables.settings = {
|
||||||
|
# Block an IP address if it accesses a non-existent
|
||||||
|
# home directory more than 5 times in 10 minutes,
|
||||||
|
# since that indicates that it's scanning.
|
||||||
|
filter = "apache-nohome";
|
||||||
|
action = ''iptables-multiport[name=HTTP, port="http,https"]'';
|
||||||
|
logpath = "/var/log/httpd/error_log*";
|
||||||
|
backend = "auto";
|
||||||
|
findtime = 600;
|
||||||
|
bantime = 600;
|
||||||
|
maxretry = 5;
|
||||||
|
};
|
||||||
|
};
|
||||||
tailscale = {
|
tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
@@ -94,6 +124,9 @@
|
|||||||
virtualHosts."llama.darksailor.dev".extraConfig = ''
|
virtualHosts."llama.darksailor.dev".extraConfig = ''
|
||||||
reverse_proxy localhost:3000
|
reverse_proxy localhost:3000
|
||||||
'';
|
'';
|
||||||
|
virtualHosts."auth.darksailor.dev".extraConfig = ''
|
||||||
|
reverse_proxy localhost:5555
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user