cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

fix(fail2ban): some hacky fix

Browse Source
This commit is contained in:
cnst
2025-10-07 21:05:43 +02:00
parent 549037fe69
commit 46aa5a9deb
7 changed files with 50 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
modules/server/fail2ban/default.nix
View File

@@ -30,14 +30,28 @@ in {
example = "vaultwarden";
type = lib.types.str;
};
_groupsre = lib.mkOption {
type = lib.types.lines;
example = ''(?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)'';
default = "";
};
failRegex = lib.mkOption {
type = lib.types.str;
example = "Login failed from IP: <HOST>";
type = lib.types.lines;
example = ''
^Login failed from IP: <HOST>$
^Two-factor challenge failed from <HOST>$
'';
};
ignoreRegex = lib.mkOption {
type = lib.types.str;
default = "";
};
datePattern = lib.mkOption {
type = lib.types.str;
default = "";
example = '',?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"'';
description = "Optional datepattern line for the fail2ban filter.";
};
maxRetry = lib.mkOption {
type = lib.types.int;
default = 3;
@@ -75,11 +89,18 @@ in {
environment.etc = lib.attrsets.mergeAttrsList [
(lib.attrsets.mapAttrs' (
name: value: (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
text = ''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
'';
text =
''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
''
+ lib.optionalString (value.datePattern != "") ''
datepattern = ${value.datePattern}
''
+ lib.optionalString (value._groupsre != "") ''
_groupsre = ${value._groupsre}
'';
})
)
cfg.jails)