author | pennae <github@quasiparticle.net> | 2021-04-24 17:42:31 +0200 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2021-04-24 17:55:56 +0200 |
commit | 25c827b3cc1dc9885f4885b68b9df83c7697b1af (patch) | |
tree | ae3c2f12dca05e863fb42f0588ca112f1872617c | |
parent | 265d31bcbd6599c38499354bc5f111589814f101 (diff) | |
nixos/fail2ban: add maxretry option
it's not possible to set a different default maxretry value in the DEFAULT jail because the module already does so. expose the maxretry option to the configuration to remedy this. (we can't really remove it entirely because fail2ban defaults to 5)
-rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix index b901b19cf31..22abbb518ff 100644 --- a/nixos/modules/services/security/fail2ban.nix +++ b/nixos/modules/services/security/fail2ban.nix @@ -62,6 +62,12 @@ in description = "The firewall package used by fail2ban service."; }; + maxretry = mkOption { + default = 3; + type = types.ints.unsigned; + description = "Number of failures before a host gets banned."; + }; + banaction = mkOption { default = "iptables-multiport"; type = types.str; @@ -291,7 +297,7 @@ in ''} # Miscellaneous options ignoreip = 127.0.0.1/8 ${optionalString config.networking.enableIPv6 "::1"} ${concatStringsSep " " cfg.ignoreIP} - maxretry = 3 + maxretry = ${toString cfg.maxretry} backend = systemd # Actions banaction = ${cfg.banaction} |
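Review bot: In the first hunk, `type = types.ints.unsigned;` accepts 0 for the new `maxretry` option, and the description "Number of failures before a host gets banned." does not say what a threshold of zero would mean. Consider `types.ints.positive` so that a value with no clear meaning is rejected at evaluation time, or state the semantics of 0 in the description. The commit message notes that fail2ban itself defaults to 5 while the module keeps 3; putting that in the description would tell users the module's default is deliberately stricter than upstream.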
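Review bot: In the second hunk, `maxretry = ${toString cfg.maxretry}` is written next to `ignoreip` and `backend` in the generated defaults, which per the commit message is the DEFAULT jail, but neither this line nor the option text says that the value is a fallback. Mention in the option description that it sets the default for all jails, so readers do not expect it to replace a `maxretry` they set on an individual jail. With the option default of 3 matching the removed literal `maxretry = 3`, existing configurations render the same file, which is worth stating in the commit message.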