fix: use correct module options for fail2ban

* ignoreIPs -> ignoreIP * Add settings block to each jail Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:03:01 +05:30 · 2024-10-06 00:03:01 +05:30 · 164acc1042
commit 164acc1042
parent a9d7582fcf
1 changed files with 12 additions and 8 deletions
--- a/modules/nixos/services/fail2ban/default.nix
+++ b/modules/nixos/services/fail2ban/default.nix
@ -28,7 +28,7 @@
          factor = "4";
        };

-        ignoreIPs =
+        ignoreIP =
          [
            "192.168.69.0/16"
            "172.16.0.0/12"
@ -38,10 +38,12 @@

        jails = {
          DEFAULT = {
+            settings = {
              blocktype = "DROP";
-            bantime = "6h";
+              bantime = lib.mkDefault "6h";
              findtime = "6h";
            };
+          };

          sshd = {
            settings = {
@ -56,6 +58,7 @@
          };

          port-scan = {
+            settings = {
              filter = "port-scan";
              action = "iptables-allports[name=port-scan]";
              bantime = 86400;
@ -64,4 +67,5 @@
          };
        };
      };
+    };
 }