author | datafoo <34766150+datafoo@users.noreply.github.com> | 2023-04-17 11:22:09 +0200 |
---|---|---|
committer | pennae <82953136+pennae@users.noreply.github.com> | 2023-04-19 19:18:31 +0200 |
commit | 3403ee06021fd441c467f12e8ccde7ce66557304 (patch) | |
tree | 7d082ae65156cca3307cb69bc4228f451798da30 /nixos | |
parent | d32a852d2af256925ef1ec1a0024d650a77f9f86 (diff) |
nixos/fail2ban: add bantime option
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index ead24d1470717..1962d3f59c9f5 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -78,6 +78,13 @@ in
 '';
 };
 
+ bantime = mkOption {
+ default = null;
+ type = types.nullOr types.str;
+ example = "10m";
+ description = lib.mdDoc "Number of seconds that a host is banned.";
+ };
+
 maxretry = mkOption {
 default = 3;
 type = types.ints.unsigned;
@@ -320,6 +327,9 @@ in
 ''}
 # Miscellaneous options
 ignoreip = 127.0.0.1/8 ${optionalString config.networking.enableIPv6 "::1"} ${concatStringsSep " " cfg.ignoreIP}
+ ${optionalString (cfg.bantime != null) ''
+ bantime = ${cfg.bantime}
+ ''}
 maxretry = ${toString cfg.maxretry}
 backend = systemd
 # Actions
|
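Review bot: The description of the new `bantime` option says "Number of seconds", but the option is typed `types.nullOr types.str` and its example is `"10m"`, so the text does not match what the option accepts. It also leaves the `null` default unexplained; going by the second hunk, `null` means no `bantime` line is written and fail2ban's own default applies. I would reword it to `description = lib.mdDoc "Ban duration, either a number of seconds or a fail2ban time abbreviation such as 10m; null leaves fail2ban's default in place.";`. The enclosing options set starts and ends outside this hunk.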
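Review bot: `cfg.bantime` is written into the generated configuration as `bantime = ${cfg.bantime}` with no check on its shape, so a mistyped unit or a string containing a newline is only noticed when fail2ban parses the file, and a newline would add extra lines to it. Because this value decides how long an offending host stays blocked, a malformed setting can weaken protection, so it is worth rejecting at evaluation time. Narrowing the option type with `types.strMatching` to digits plus the unit suffixes fail2ban accepts, or adding a module assertion, would do that. The template string that this hunk extends starts and ends outside the hunk, so I cannot see which section the key lands in.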