main
1{lib, ...}: {
2 flake.modules.nixos."services/fail2ban" = {config, ...}: {
3 services.fail2ban = {
4 enable = true;
5 maxretry = 3;
6 bantime = "10m";
7 bantime-increment.enable = true;
8 ignoreIP = [
9 "172.16.0.0/12"
10 "192.168.0.0/16"
11 ];
12 };
13
14 networking.firewall.enable = true;
15
16 services.restic.backups."${config.networking.hostName}-backup".paths =
17 lib.mkIf
18 (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
19 ["/var/lib/fail2ban"];
20 };
21}