services: photoprism: add fail2ban rules

2022-10-13 11:47:24 +02:00 · 2022-10-13 11:47:24 +02:00 · a4db741ed4
parent a116894bba
commit a4db741ed4
1 changed files with 18 additions and 0 deletions
--- a/services/photoprism.nix
+++ b/services/photoprism.nix
@ -91,5 +91,23 @@ in {
        "${cfg.home}/storage"
      ];
    };
    services.fail2ban.jails = {
      photoprism = ''
        enabled = true
        filter = photoprism-failed-login
        port = http,https
        maxretry = 3
      '';
    };
    environment.etc = {
      "fail2ban/filter.d/photoprism-failed-login.conf".text = ''
        [Definition]
        failregex = ^.* photoprism: <HOST> - .*"POST \/api\/v1\/session HTTP[^"]*" 400 .*$
        ignoreregex =
        journalmatch = _SYSTEMD_UNIT=nginx.service _TRANSPORT=syslog
      '';
    };
  };
 }