William
f1b6be6f3f
- Configure fail2ban with progressive ban times (1h base, up to 10000h max) - Add SSH jail with password authentication disabled - Add Forgejo jail using systemd journal backend - Ignore private networks and Tailscale IPs - Set Forgejo to 10 retries per hour, 15min initial ban 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
23 lines
416 B
Nix
23 lines
416 B
Nix
{ ... }:
|
|
|
|
{
|
|
services = {
|
|
openssh = {
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
};
|
|
};
|
|
fail2ban.jails.sshd = {
|
|
settings = {
|
|
enabled = true;
|
|
port = "ssh";
|
|
filter = "sshd";
|
|
logpath = "/var/log/auth.log";
|
|
maxretry = 5;
|
|
findtime = "10m";
|
|
bantime = "1h";
|
|
};
|
|
};
|
|
};
|
|
}
|