alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

bitwarden_rs: setup fail2ban

Browse source
This commit is contained in:
Antoine Martin 2021-02-22 15:56:01 +01:00
parent 25f45ec6f6
commit 80384b2afe
1 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
services/bitwarden_rs.nix
View file

@ -91,6 +91,39 @@ in {
paths = [ "/var/lib/bitwarden_rs" ]; paths = [ "/var/lib/bitwarden_rs" ];
exclude = [ "/var/lib/bitwarden_rs/icon_cache" ]; exclude = [ "/var/lib/bitwarden_rs/icon_cache" ];
}; };
services.fail2ban.jails = {
bitwarden_rs = ''
enabled = true
filter = bitwarden_rs
port = http,https
maxretry = 5
'';
# Admin page isn't enabled by default, but just in case...
bitwarden_rs-admin = ''
enabled = true
filter = bitwarden_rs-admin
port = http,https
maxretry = 2
'';
};
environment.etc = {
"fail2ban/filter.d/bitwarden_rs.conf".text = ''
[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =
journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service
'';
"fail2ban/filter.d/bitwarden_rs-admin.conf".text = ''
[Definition]
failregex = ^.*Invalid admin token\. IP: <ADDR>.*$
ignoreregex =
journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service
'';
};
}; };
} }