services: photoprism: add fail2ban rules
This commit is contained in:
parent
a116894bba
commit
a4db741ed4
|
@ -91,5 +91,23 @@ in {
|
|||
"${cfg.home}/storage"
|
||||
];
|
||||
};
|
||||
|
||||
services.fail2ban.jails = {
|
||||
photoprism = ''
|
||||
enabled = true
|
||||
filter = photoprism-failed-login
|
||||
port = http,https
|
||||
maxretry = 3
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"fail2ban/filter.d/photoprism-failed-login.conf".text = ''
|
||||
[Definition]
|
||||
failregex = ^.* photoprism: <HOST> - .*"POST \/api\/v1\/session HTTP[^"]*" 400 .*$
|
||||
ignoreregex =
|
||||
journalmatch = _SYSTEMD_UNIT=nginx.service _TRANSPORT=syslog
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue