add f2b bypass for tailnet
parent
8b2a1b1f4f
commit
19d97c8de5
1 changed files with 6 additions and 2 deletions
|
@ -29,7 +29,7 @@ in
|
||||||
default = true;
|
default = true;
|
||||||
description = "Enable fail2ban.";
|
description = "Enable fail2ban.";
|
||||||
};
|
};
|
||||||
allowRootPasswordLogin = lib.mkOption {
|
allowPasswordLogin = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = "Allow root password login.";
|
description = "Allow root password login.";
|
||||||
|
@ -45,6 +45,10 @@ in
|
||||||
# Use fail2ban
|
# Use fail2ban
|
||||||
services.fail2ban = lib.mkIf cfg.fail2Ban {
|
services.fail2ban = lib.mkIf cfg.fail2Ban {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
# Ignore my tailnet
|
||||||
|
ignoreIP = [
|
||||||
|
"100.64.0.0/10"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Open ports in the firewall if enabled.
|
# Open ports in the firewall if enabled.
|
||||||
|
@ -58,7 +62,7 @@ in
|
||||||
settings = {
|
settings = {
|
||||||
LogLevel = "VERBOSE";
|
LogLevel = "VERBOSE";
|
||||||
PermitRootLogin = "yes";
|
PermitRootLogin = "yes";
|
||||||
PasswordAuthentication = if cfg.allowRootPasswordLogin then true else false;
|
PasswordAuthentication = cfg.allowPasswordLogin;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
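Review bot: The `ignoreIP` entry added under `services.fail2ban` exempts all of `100.64.0.0/10`, which is the shared CGNAT range rather than this tailnet alone, so any source in that range that reaches sshd over a non-Tailscale interface would never be banned. The same module sets `PermitRootLogin = "yes"` and lets `PasswordAuthentication` be switched on, so for those sources the exemption removes the brute-force throttle this file otherwise configures. Consider listing only the tailnet peers that need the exemption, or at least state the assumption in the comment, e.g. `# Tailscale CGNAT range; assumes sshd is not reachable from other 100.64.0.0/10 sources`. Separately, the renamed `allowPasswordLogin` option keeps `description = "Allow root password login.";` although it sets `PasswordAuthentication` for every account; `description = "Allow SSH password authentication.";` would match the new name. The surrounding attribute sets start and end outside the hunks shown.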