From 45eb1526dc65fc394339b7554e9b8294893f082f Mon Sep 17 00:00:00 2001
From: Evie Litherland-Smith <evie@xenia.me.uk>
Date: Tue, 16 May 2023 11:24:19 +0100
Subject: [PATCH] Add fail2ban config for traefik

---
 server/traefik.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/server/traefik.nix b/server/traefik.nix
index 9d00521b..26179ad3 100644
--- a/server/traefik.nix
+++ b/server/traefik.nix
@@ -1,5 +1,6 @@
 { ... }:
 {
+  imports = [ ./fail2ban.nix ];
   services.traefik = {
     enable = true;
     staticConfigOptions = {
@@ -24,4 +25,10 @@
     };
   };
   networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 8080 ]; };
+  services.fail2ban.jails.traefik = ''
+    enabled = true
+    filter = traefik-auth
+    ports = http,https,8080
+    backend = systemd
+  '';
 }