nix-config/systems/common/core/services/fail2ban.nix

# http://web.archive.org/web/20240621185719/https://dataswamp.org/~solene/2022-10-02-nixos-fail2ban.html
{ pkgs, ... }:
{
  services.fail2ban = {
    enable = false;
    ignoreIP = [
      "192.168.1.0/24"
    ]; 
  # needed to ban on IPv4 and IPv6 for all ports
    extraPackages = [pkgs.ipset];
    banaction = "iptables-ipset-proto6-allports";
  
  
    jails = {
 
      # max 6 failures in 600 seconds
      "nginx-spam" = ''
        enabled  = true
        filter   = nginx-bruteforce
        logpath = /var/log/nginx/access.log
        backend = auto
        maxretry = 6
        findtime = 600
      '';
 
      # max 3 failures in 600 seconds
      "postfix-bruteforce" = ''
        enabled = true
        filter = postfix-bruteforce
        findtime = 600
        maxretry = 3
      '';
 
      # max 10 failures in 600 seconds
      "molly" = ''
        enabled = true
        filter = molly
        findtime = 600
        maxretry = 10
        logpath = /var/log/molly-brown/access.log
        backend = auto
      '';
    };
  };
  environment.etc = {
    "fail2ban/filter.d/molly.conf".text = ''
      [Definition]
      failregex = <HOST>\s+(31|40|51|53).*$
    '';

    "fail2ban/filter.d/nginx-bruteforce.conf".text = ''
      [Definition]
      failregex = ^<HOST>.*GET.*(matrix/server|\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
    '';

    "fail2ban/filter.d/postfix-bruteforce.conf".text = ''
      [Definition]
      failregex = warning: [\w\.\-]+\[<HOST>\]: SASL LOGIN authentication failed.*$
      journalmatch = _SYSTEMD_UNIT=postfix.service
    '';
  };

}
feat(systems,home / core): add firejail & fail2ban configs 2024-08-28 17:36:59 +00:00			`# http://web.archive.org/web/20240621185719/https://dataswamp.org/~solene/2022-10-02-nixos-fail2ban.html`
feat(system/core, -\|\|-/services): add security modules - firejail, firewall, fail2ban 2024-09-01 14:05:39 +00:00			`{ pkgs, ... }:`
feat(systems,home / core): add firejail & fail2ban configs 2024-08-28 17:36:59 +00:00			`{`
			`services.fail2ban = {`
feat(system/core, -\|\|-/services): add security modules - firejail, firewall, fail2ban 2024-09-01 14:05:39 +00:00			`enable = false;`
feat(systems,home / core): add firejail & fail2ban configs 2024-08-28 17:36:59 +00:00			`ignoreIP = [`
			`"192.168.1.0/24"`
			`];`
			`# needed to ban on IPv4 and IPv6 for all ports`
			`extraPackages = [pkgs.ipset];`
			`banaction = "iptables-ipset-proto6-allports";`


feat(system/core, -\|\|-/services): add security modules - firejail, firewall, fail2ban 2024-09-01 14:05:39 +00:00			`jails = {`

			`# max 6 failures in 600 seconds`
			`"nginx-spam" = ''`
			`enabled = true`
			`filter = nginx-bruteforce`
			`logpath = /var/log/nginx/access.log`
			`backend = auto`
			`maxretry = 6`
			`findtime = 600`
			`'';`

			`# max 3 failures in 600 seconds`
			`"postfix-bruteforce" = ''`
			`enabled = true`
			`filter = postfix-bruteforce`
			`findtime = 600`
			`maxretry = 3`
			`'';`

			`# max 10 failures in 600 seconds`
			`"molly" = ''`
			`enabled = true`
			`filter = molly`
			`findtime = 600`
			`maxretry = 10`
			`logpath = /var/log/molly-brown/access.log`
			`backend = auto`
			`'';`
			`};`
feat(systems,home / core): add firejail & fail2ban configs 2024-08-28 17:36:59 +00:00			`};`
			`environment.etc = {`
			`"fail2ban/filter.d/molly.conf".text = ''`
			`[Definition]`
			`failregex = <HOST>\s+(31\|40\|51\|53).*$`
			`'';`

			`"fail2ban/filter.d/nginx-bruteforce.conf".text = ''`
			`[Definition]`
			`failregex = ^<HOST>.GET.(matrix/server\|\.php\|admin\|wp\-).* HTTP/\d.\d\" 404.*$`
			`'';`

			`"fail2ban/filter.d/postfix-bruteforce.conf".text = ''`
			`[Definition]`
			`failregex = warning: [\w\.\-]+\[<HOST>\]: SASL LOGIN authentication failed.*$`
			`journalmatch = _SYSTEMD_UNIT=postfix.service`
			`'';`
			`};`

			`}`
feat(system/core, -\|\|-/services): add security modules - firejail, firewall, fail2ban 2024-09-01 14:05:39 +00:00