diff options
author | Griffin Smith <grfn@gws.fyi> | 2021-05-23T12·03+0200 |
---|---|---|
committer | grfn <grfn@gws.fyi> | 2021-05-23T12·40+0000 |
commit | 75f19a05a19a1f556663780c5b070a2d7a2e3932 (patch) | |
tree | 177fefc7260c6a4f2ac3555f15cfdbfa5429f407 /ops/machines | |
parent | 780bb86eff397c51d5f48aec7f2520fa35faeb53 (diff) |
feat(whitby): Enable fail2ban r/2610
I like running fail2ban on any machine that has stuff like ssh world-open, to limit the potential for password brute-force attacks etc. Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops/machines')
-rw-r--r-- | ops/machines/whitby/default.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 66a0fe1b82fb..0f2a43641cc6 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -358,6 +358,8 @@ in { bindAddress = "localhost"; }; + services.fail2ban.enable = true; + environment.systemPackages = with pkgs; [ bb curl |