From 75f19a05a19a1f556663780c5b070a2d7a2e3932 Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Sun, 23 May 2021 14:03:19 +0200 Subject: feat(whitby): Enable fail2ban I like running fail2ban on any machine that has stuff like ssh world-open, to limit the potential for password brute-force attacks etc. Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138 Tested-by: BuildkiteCI Reviewed-by: tazjin --- ops/machines/whitby/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ops') diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 66a0fe1b82fb..0f2a43641cc6 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -358,6 +358,8 @@ in { bindAddress = "localhost"; }; + services.fail2ban.enable = true; + environment.systemPackages = with pkgs; [ bb curl -- cgit 1.4.1