1
0
Fork 0

Services: finalize and enable webdav

This commit is contained in:
Aires 2024-11-02 11:53:13 -04:00
parent 15a76b612b
commit 0242700eea
3 changed files with 28 additions and 1 deletions

View file

@ -236,7 +236,7 @@ in
};
};
webdav = {
enable = false;
enable = true;
home = "${services-root}/webdav";
url = config.secrets.services.webdav.url;
users = config.secrets.services.webdav.users;

Binary file not shown.

View file

@ -43,6 +43,7 @@ in
port = port;
scope = cfg.home;
users = cfg.users;
behindProxy = true;
};
};
@ -60,6 +61,32 @@ in
};
};
environment.etc = lib.mkIf config.services.fail2ban.enable {
"fail2ban/filter.d/webdav.conf".text = ''
[INCLUDES]
before = common.conf
[Definition]
# Failregex to match "invalid password" and extract remote_address only
failregex = ^.*invalid password\s*\{.*"remote_address":\s*"<HOST>"\s*\}
# Failregex to match "invalid username" and extract remote_address only (if applicable)
failregex += ^.*invalid username\s*\{.*"remote_address":\s*"<HOST>"\s*\}
ignoreregex =
'';
"fail2ban/jail.d/webdav.conf".text = ''
[webdav]
enabled = true
port = ${builtins.toString port}
filter = webdav
logpath = /var/log/webdav/fail2ban.log
banaction = iptables-allports
ignoreself = false
'';
};
systemd.services = {
webdav.unitConfig.RequiresMountsFor = cfg.home;
nginx.wants = [ config.systemd.services.webdav.name ];