feat: enable fail2ban

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-10-23 21:39:19 +02:00 · 2025-10-23 21:39:19 +02:00 · 86347a68de
commit 86347a68de
parent 49341364a8
4 changed files with 72 additions and 6 deletions
--- a/hosts/servers/mail-01.nix
+++ b/hosts/servers/mail-01.nix
@ -12,6 +12,26 @@ in
    }
  ];

+  services.fail2ban.jails = {
+    # max 6 failures in 600 seconds
+    "nginx-spam" = ''
+      enabled  = true
+      filter   = nginx-bruteforce
+      logpath = /var/log/nginx/access.log
+      backend = auto
+      maxretry = 6
+      findtime = 600
+    '';
+
+    # max 3 failures in 600 seconds
+    "postfix-bruteforce" = ''
+      enabled = true
+      filter = postfix-bruteforce
+      findtime = 600
+      maxretry = 3
+    '';
+  };
+
  mailserver = {
    enable = true;
    fqdn = "mail.escapeangle.com";