crony/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(servers): secure them even more.

Browse source
This commit is contained in:
CronyAkatsuki 2025-10-16 22:33:26 +02:00
parent bda1048f47
commit 636ef55e50
2 changed files with 39 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

31
modules/servers/general/traefik.nix
View file

@ -4,6 +4,14 @@
staticConfigOptions = {
serversTransport.insecureSkipVerify = true;
log = {level = "DEBUG";};
experimental = {
plugins = {
fail2ban = {
moduleName = "github.com/tomMoulard/fail2ban";
version = "v0.8.7";
};
};
};
certificatesResolvers = {
porkbun = {
acme = {
@ -32,6 +40,29 @@
};
websecure = {
address = ":443";
http.middlewares = [
"fail2ban"
];
};
};
};
dynamicConfigOptions.http = {
middlewares = {
fail2ban = {
plugin = {
fail2ban = {
rules = {
bantime = "168h";
enabled = true;
findtime = "10m";
maxretry = 4;
statuscode = "400,401,403-499";
};
allowlist = {
ip = ["65.21.241.194"];
};
};
};
};
};
};