services: photoprism: add fail2ban rules

This commit is contained in:
Antoine Martin 2022-10-13 11:47:24 +02:00
parent a116894bba
commit a4db741ed4

View file

@ -91,5 +91,23 @@ in {
"${cfg.home}/storage"
];
};
services.fail2ban.jails = {
photoprism = ''
enabled = true
filter = photoprism-failed-login
port = http,https
maxretry = 3
'';
};
environment.etc = {
"fail2ban/filter.d/photoprism-failed-login.conf".text = ''
[Definition]
failregex = ^.* photoprism: <HOST> - .*"POST \/api\/v1\/session HTTP[^"]*" 400 .*$
ignoreregex =
journalmatch = _SYSTEMD_UNIT=nginx.service _TRANSPORT=syslog
'';
};
};
}