lew/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: lew:4cad9120d6a384a00b0a9cfbe7f714090f0af782
Branches Tags
lew:main
...
compare: lew:8c0db938fce787ff2ac63202daaf368c04d41b20
Branches Tags
lew:main

2 commits
4cad9120d6 ... 8c0db938fc

Author SHA1 Message Date
lew
8c0db938fc refactor: simplifies fail2ban config 2026-04-07 21:16:09 +01:00
lew
add77df77f fix: pin kuma to 2.2.1 2026-04-07 21:15:32 +01:00
2 changed files with 1 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

25
hosts/lab/fail2ban.nix
View file

@ -2,17 +2,13 @@
{
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "1h";
bantime-increment = {
enable = true;
maxtime = "168h";
overalljails = true;
};
ignoreIP = [ "127.0.0.1/8" "::1" ];
jails = {
# SSH jail auto-created by NixOS — just tighten the limits
sshd.settings = {
maxretry = 3;
findtime = "15m";
@ -24,34 +20,13 @@
filter = "forgejo";
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=forgejo.service";
maxretry = 5;
findtime = "10m";
};
caddy-status.settings = {
enabled = true;
port = "http,https";
filter = "caddy-status";
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=caddy.service";
maxretry = 10;
findtime = "10m";
};
};
};
# Each virtualHost already has a `log` block for access logging.
# The global `servers { logs }` directive was removed in Caddy 2.11.
environment.etc."fail2ban/filter.d/forgejo.conf".text = ''
[Definition]
failregex = ^.*Failed authentication attempt for .* from <HOST>
ignoreregex =
'';
environment.etc."fail2ban/filter.d/caddy-status.conf".text = ''
[Definition]
failregex = ^.*"client_ip":"<HOST>".*"status":\s*(401|403)
ignoreregex =
'';
}

2
hosts/lab/uptime-kuma.nix
View file

@ -14,7 +14,7 @@
};
virtualisation.oci-containers.containers.uptime-kuma = {
image = "louislam/uptime-kuma:2";
image = "louislam/uptime-kuma:2.2.1";
podman.user = "podman";
volumes = [
"/srv/uptime-kuma/data:/app/data"