services: photoprism: add fail2ban rules

2022-10-13 11:47:24 +02:00 · 2022-10-13 11:47:24 +02:00 · 897c1f57a8
parent 00df5ff49b
commit 897c1f57a8
1 changed files with 18 additions and 0 deletions
--- a/services/photoprism.nix
+++ b/services/photoprism.nix
@ -91,5 +91,23 @@ in {
        "${cfg.home}/storage"
      ];
    };
+
+    services.fail2ban.jails = {
+      photoprism = ''
+        enabled = true
+        filter = photoprism-failed-login
+        port = http,https
+        maxretry = 3
+        logpath = /var/log/nginx/photoprism_access.log
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/photoprism-failed-login.conf".text = ''
+        [Definition]
+        failregex = ^<HOST> -.*"POST \/api\/v1\/session HTTP[^"]*" 400 .*$
+        ignoreregex =
+      '';
+    };
  };
 }