services: photoprism: add fail2ban rules

2022-10-13 11:47:24 +02:00 · 2022-10-13 11:47:24 +02:00 · a4db741ed4
parent a116894bba
commit a4db741ed4
1 changed files with 18 additions and 0 deletions
--- a/services/photoprism.nix
+++ b/services/photoprism.nix
@ -91,5 +91,23 @@ in {
        "${cfg.home}/storage"
      ];
    };
+
+    services.fail2ban.jails = {
+      photoprism = ''
+        enabled = true
+        filter = photoprism-failed-login
+        port = http,https
+        maxretry = 3
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/photoprism-failed-login.conf".text = ''
+        [Definition]
+        failregex = ^.* photoprism: <HOST> - .*"POST \/api\/v1\/session HTTP[^"]*" 400 .*$
+        ignoreregex =
+        journalmatch = _SYSTEMD_UNIT=nginx.service _TRANSPORT=syslog
+      '';
+    };
  };
 }