Update config for fail2ban

3 files changed, 39 insertions, 0 deletions

diff --git a/configuration.nix b/configuration.nix
index 3e6ad48..a847f29 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -34,6 +34,7 @@
     ./automation.nix
     ./dbms.nix
     ./dns.nix
+    ./fail2ban.nix
     ./irc.nix
     ./git.nix
     ./mail.nix
diff --git a/fail2ban.nix b/fail2ban.nix
new file mode 100644
index 0000000..d30f6b0
--- /dev/null
+++ b/fail2ban.nix
@@ -0,0 +1,36 @@
+# Configuration for fail2ban
+# Copyright (C) 2024 Ngô Ngọc Đức Huy
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ pkgs, ... }:
+{
+  services.jail2ban = {
+    enable = true;
+    bantime = "30m";
+    bantime-increment = {
+      enable = true;
+      maxtime = "7d";
+    };
+    jails = {
+      maddy = {
+        settings = {
+          logpath = "/var/log/maddy.log";
+        };
+      };
+    };
+  };
+};
diff --git a/mail.nix b/mail.nix
index 505210e..c7d85ee 100644
--- a/mail.nix
+++ b/mail.nix
@@ -44,6 +44,8 @@ in {
           use_helper no
         }
 
+        log syslog /var/log/maddy.log
+
         storage.imapsql local_mailboxes {
           driver sqlite3
           dsn imapsql.db