notohh/snowflake
notohh/snowflake
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity

security: update f2b

Browse source
This commit is contained in:
notohh 2023-12-30 13:33:47 -05:00
parent 5155280203
commit 2e69421f10
Signed by: notohh
GPG key ID: BD47506D475EE86D
1 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
modules/security.nix
View file

@ -40,13 +40,16 @@
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
}; };
boot.kernelModules = ["tcp_bbr"]; boot.kernelModules = ["tcp_bbr"];
# So we don't have to do this later... services.openssh.settings.LogLevel = "VERBOSE";
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "github@notohh.dev"; defaults.email = "github@notohh.dev";
}; };
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
bantime = "1h"; bantime = "1h";
@ -55,15 +58,17 @@
"192.168.0.0/16" "192.168.0.0/16"
"172.16.0.0/12" "172.16.0.0/12"
"10.0.0.0/8" "10.0.0.0/8"
"5.161.181.184/32" "5.161.102.107/32"
"100.71.49.65/10" "100.71.49.65/10"
"100.82.146.40/10" "100.82.146.40/10"
]; ];
jails.DEFAULT = { jails = {
DEFAULT = {
settings = { settings = {
findtime = 100000; findtime = 100000;
mode = "aggressive"; mode = "aggressive";
}; };
}; };
}; };
};
} }