about summary refs log tree commit diff
path: root/ops
diff options
context:
space:
mode:
authorGriffin Smith <grfn@gws.fyi>2021-05-23T12·03+0200
committergrfn <grfn@gws.fyi>2021-05-23T12·40+0000
commit75f19a05a19a1f556663780c5b070a2d7a2e3932 (patch)
tree177fefc7260c6a4f2ac3555f15cfdbfa5429f407 /ops
parent780bb86eff397c51d5f48aec7f2520fa35faeb53 (diff)
feat(whitby): Enable fail2ban r/2610
I like running fail2ban on any machine that has stuff like ssh
world-open, to limit the potential for password brute-force attacks etc.

Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops')
-rw-r--r--ops/machines/whitby/default.nix2
1 files changed, 2 insertions, 0 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 66a0fe1b82fb..0f2a43641cc6 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -358,6 +358,8 @@ in {
     bindAddress = "localhost";
   };
 
+  services.fail2ban.enable = true;
+
   environment.systemPackages = with pkgs; [
     bb
     curl