fix: use correct module options for fail2ban

* ignoreIPs -> ignoreIP * Add settings block to each jail Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:03:01 +05:30 · 2024-10-06 00:03:01 +05:30 · 164acc1042
commit 164acc1042
parent a9d7582fcf
1 changed files with 12 additions and 8 deletions
--- a/modules/nixos/services/fail2ban/default.nix
+++ b/modules/nixos/services/fail2ban/default.nix
@ -28,7 +28,7 @@
          factor = "4";
        };

-        ignoreIPs =
+        ignoreIP =
          [
            "192.168.69.0/16"
            "172.16.0.0/12"
@ -38,9 +38,11 @@

        jails = {
          DEFAULT = {
-            blocktype = "DROP";
-            bantime = "6h";
-            findtime = "6h";
+            settings = {
+              blocktype = "DROP";
+              bantime = lib.mkDefault "6h";
+              findtime = "6h";
+            };
          };

          sshd = {
@ -56,10 +58,12 @@
          };

          port-scan = {
-            filter = "port-scan";
-            action = "iptables-allports[name=port-scan]";
-            bantime = 86400;
-            maxretry = 2;
+            settings = {
+              filter = "port-scan";
+              action = "iptables-allports[name=port-scan]";
+              bantime = 86400;
+              maxretry = 2;
+            };
          };
        };
      };