diff --git a/server/traefik.nix b/server/traefik.nix index 9d00521b..26179ad3 100644 --- a/server/traefik.nix +++ b/server/traefik.nix @@ -1,5 +1,6 @@ { ... }: { + imports = [ ./fail2ban.nix ]; services.traefik = { enable = true; staticConfigOptions = { @@ -24,4 +25,10 @@ }; }; networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 8080 ]; }; + services.fail2ban.jails.traefik = '' + enabled = true + filter = traefik-auth + ports = http,https,8080 + backend = systemd + ''; }