services: photoprism: add fail2ban rules
This commit is contained in:
parent
a116894bba
commit
a4db741ed4
|
@ -91,5 +91,23 @@ in {
|
||||||
"${cfg.home}/storage"
|
"${cfg.home}/storage"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.fail2ban.jails = {
|
||||||
|
photoprism = ''
|
||||||
|
enabled = true
|
||||||
|
filter = photoprism-failed-login
|
||||||
|
port = http,https
|
||||||
|
maxretry = 3
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.etc = {
|
||||||
|
"fail2ban/filter.d/photoprism-failed-login.conf".text = ''
|
||||||
|
[Definition]
|
||||||
|
failregex = ^.* photoprism: <HOST> - .*"POST \/api\/v1\/session HTTP[^"]*" 400 .*$
|
||||||
|
ignoreregex =
|
||||||
|
journalmatch = _SYSTEMD_UNIT=nginx.service _TRANSPORT=syslog
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue