From 3403ee06021fd441c467f12e8ccde7ce66557304 Mon Sep 17 00:00:00 2001
From: datafoo <34766150+datafoo@users.noreply.github.com>
Date: Mon, 17 Apr 2023 11:22:09 +0200
Subject: nixos/fail2ban: add bantime option

---
 nixos/modules/services/security/fail2ban.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'nixos/modules/services/security')

diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index ead24d147071..1962d3f59c9f 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -78,6 +78,13 @@ in
         '';
       };
 
+      bantime = mkOption {
+        default = null;
+        type = types.nullOr types.str;
+        example = "10m";
+        description = lib.mdDoc "Number of seconds that a host is banned.";
+      };
+
       maxretry = mkOption {
         default = 3;
         type = types.ints.unsigned;
@@ -320,6 +327,9 @@ in
       ''}
       # Miscellaneous options
       ignoreip    = 127.0.0.1/8 ${optionalString config.networking.enableIPv6 "::1"} ${concatStringsSep " " cfg.ignoreIP}
+      ${optionalString (cfg.bantime != null) ''
+        bantime     = ${cfg.bantime}
+      ''}
       maxretry    = ${toString cfg.maxretry}
       backend     = systemd
       # Actions
-- 
cgit 1.4.1