# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

let
  act = a: [
    "nft46"
    "${a} element inet reaction ipvXbans { <ip> }"
  ];

  journalctl = u: [
    "journalctl"
    "-fn0"
    "-u"
    "${u}.service"
  ];

  ban = after: {
    ban.cmd = act "add";
    unban = {
      inherit after;

      cmd = act "delete";
    };
  };
in

{
  ai-crawlers = {
    cmd = [
      "tail"
      "-n0"
      "-f"
      "/var/log/nginx/access.log"
    ];

    filters.bots = {
      regex = builtins.map (name: ''^<ip>.*"[^"]*${name}[^"]*"$'') [
        "AI2Bot"
        "Amazonbot"
        "Applebot"
        "Applebot-Extended"
        "Bytespider"
        "CCBot"
        "ChatGPT-User"
        "ClaudeBot"
        "Diffbot"
        "DuckAssistBot"
        "FacebookBot"
        "GPTBot"
        "Google-Extended"
        "Kangaroo Bot"
        "Meta-ExternalAgent"
        "Meta-ExternalFetcher"
        "OAI-SearchBot"
        "PerplexityBot"
        "Timpibot"
        "Webzio-Extended"
        "YouBot"
        "omgili"
      ];
      actions = ban "720h";
    };
  };

  ssh = {
    cmd = journalctl "sshd";

    filters = {
      failedlogin = {
        regex = [
          "authentication failure;.*rhost=<ip>"
          "Connection reset by authenticating user .* <ip>"
          "Connection closed by invalid user .* <ip> port .*"
          "Failed password for .* from <ip>"
          "Invalid user .* from <ip> port .*"
          "Unable to negotiate with <ip> port .*"
        ];
        actions = ban "48h";
      };
    };
  };
}