nixos/fail2ban: add extraSettings option

2025-02-23 12:34:15 +00:00 · 2023-04-19 14:11:40 +02:00 · 2023-04-19 14:11:40 +02:00 · 066166cf49
commit 066166cf49
parent 73d2aeacf5
1 changed files with 18 additions and 0 deletions
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@ -209,6 +209,20 @@ in
       '';
      };

+      extraSettings = mkOption {
+        type = with types; attrsOf (oneOf [ bool ints.positive str ]);
+        default = {};
+        description = lib.mdDoc ''
+          Extra default configuration for all jails (i.e. `[DEFAULT]`). See
+          <https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf> for an overview.
+        '';
+        example = literalExpression ''
+          {
+            findtime = "15m";
+          }
+        '';
+      };
+
      jails = mkOption {
        default = { };
        example = literalExpression ''
@ -335,6 +349,10 @@ in
      # Actions
      banaction   = ${cfg.banaction}
      banaction_allports = ${cfg.banaction-allports}
+      ${optionalString (cfg.extraSettings != {}) ''
+        # Extra settings
+        ${generators.toKeyValue {} cfg.extraSettings}
+      ''}
    '';
    # Block SSH if there are too many failing connection attempts.
    # Benefits from verbose sshd logging to observe failed login attempts,