add fail2ban

hosts/baal/default.nix

@@ -33,6 +33,37 @@
     networkmanager.enable = true;
   };
 
+    services.fail2ban = {
+    enable = true;
+    # Ban IP after 5 failures
+    maxretry = 5;
+    ignoreIP = [
+      "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10"
+    ];
+    bantime = "24h"; # Ban IPs for one day on the first ban
+    bantime-increment = {
+      enable = true; # Enable increment of bantime after each violation
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # Do not ban for more than 1 week
+      overalljails = true; # Calculate the bantime based on all the violations
+    };
+    jails = {
+      apache-nohome-iptables.settings = {
+        # Block an IP address if it accesses a non-existent
+        # home directory more than 5 times in 10 minutes,
+        # since that indicates that it's scanning.
+        filter = "apache-nohome";
+        action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+        logpath = "/var/log/httpd/error_log*";
+        backend = "auto";
+        findtime = 600;
+        bantime  = 600;
+        maxretry = 5;
+      };
+    };
+  };
+
   virtualisation.docker = {
     enable = true;
     enableOnBoot = true;

hosts/buer/default.nix

@@ -66,6 +66,37 @@
     useDHCP = false;
   };
 
+    services.fail2ban = {
+    enable = true;
+    # Ban IP after 5 failures
+    maxretry = 5;
+    ignoreIP = [
+      "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10"
+    ];
+    bantime = "24h"; # Ban IPs for one day on the first ban
+    bantime-increment = {
+      enable = true; # Enable increment of bantime after each violation
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # Do not ban for more than 1 week
+      overalljails = true; # Calculate the bantime based on all the violations
+    };
+    jails = {
+      apache-nohome-iptables.settings = {
+        # Block an IP address if it accesses a non-existent
+        # home directory more than 5 times in 10 minutes,
+        # since that indicates that it's scanning.
+        filter = "apache-nohome";
+        action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+        logpath = "/var/log/httpd/error_log*";
+        backend = "auto";
+        findtime = 600;
+        bantime  = 600;
+        maxretry = 5;
+      };
+    };
+  };
+
   # Static IP configuration via systemd-networkd
   systemd.network = {
     enable = true;

hosts/valefar/default.nix

@@ -262,6 +262,37 @@
     };
   };
 
+  services.fail2ban = {
+    enable = true;
+    # Ban IP after 5 failures
+    maxretry = 5;
+    ignoreIP = [
+      "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10"
+    ];
+    bantime = "24h"; # Ban IPs for one day on the first ban
+    bantime-increment = {
+      enable = true; # Enable increment of bantime after each violation
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # Do not ban for more than 1 week
+      overalljails = true; # Calculate the bantime based on all the violations
+    };
+    jails = {
+      apache-nohome-iptables.settings = {
+        # Block an IP address if it accesses a non-existent
+        # home directory more than 5 times in 10 minutes,
+        # since that indicates that it's scanning.
+        filter = "apache-nohome";
+        action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+        logpath = "/var/log/httpd/error_log*";
+        backend = "auto";
+        findtime = 600;
+        bantime  = 600;
+        maxretry = 5;
+      };
+    };
+  };
+
   # =============================================================================
   # PACKAGES
   # =============================================================================