author | datafoo <34766150+datafoo@users.noreply.github.com> | 2023-04-19 14:11:40 +0200 |
---|---|---|
committer | pennae <82953136+pennae@users.noreply.github.com> | 2023-04-20 16:57:24 +0200 |
commit | 066166cf496e5d5b2b4ea681d2d43246c995b7ef (patch) | |
tree | 30d65a944d17336a3bf17dbe28d29728d2c003ac /nixos/modules/services/security | |
parent | 73d2aeacf58feb6cb5db050f52099f08ab7c3e16 (diff) | |
nixos/fail2ban: add extraSettings option
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index 1962d3f59c9f..93962d40ce4b 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -209,6 +209,20 @@ in
 '';
 };
 
+ extraSettings = mkOption {
+ type = with types; attrsOf (oneOf [ bool ints.positive str ]);
+ default = {};
+ description = lib.mdDoc ''
+ Extra default configuration for all jails (i.e. `[DEFAULT]`). See
+ <https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf> for an overview.
+ '';
+ example = literalExpression ''
+ {
+ findtime = "15m";
+ }
+ '';
+ };
+
 jails = mkOption {
 default = { };
 example = literalExpression ''
@@ -335,6 +349,10 @@ in
 # Actions
 banaction = ${cfg.banaction}
 banaction_allports = ${cfg.banaction-allports}
+ ${optionalString (cfg.extraSettings != {}) ''
+ # Extra settings
+ ${generators.toKeyValue {} cfg.extraSettings}
+ ''}
 '';
 # Block SSH if there are too many failing connection attempts.
 # Benefits from verbose sshd logging to observe failed login attempts, |
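Review bot: `ints.positive` in the `extraSettings` type rejects `0` and negative integers, so any fail2ban setting that takes such a number can only be given as a string, and the description does not say so. If the restriction is not intentional, `type = with types; attrsOf (oneOf [ bool int str ]);` would accept them; otherwise add a sentence such as "Non-positive numbers must be written as strings." to the description. The description could also note that the values are written verbatim into the generated `[DEFAULT]` section, which presumably ends up in the world-readable Nix store, so credentials for notification or reporting actions should not be placed here.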
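Review bot: Keys from `cfg.extraSettings` are appended after the module's own `banaction` and `banaction_allports` lines with no overlap check, so `extraSettings.banaction` would emit the same key twice in one section. Whether fail2ban rejects the duplicate or silently takes the last value is not visible from this hunk, but in either case the dedicated option and the effective ban action can disagree without any evaluation-time warning. Consider an assertion in the module that rejects `extraSettings` keys it already writes itself, or at least a comment such as `# NOTE: keys here are emitted last and may shadow the options above`. The `str` values are also interpolated as given, so a value containing a newline would add further lines to the section. The enclosing string begins above the hunk.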