# SPDX-FileCopyrightText: 2024 Tom Hubrecht # # SPDX-License-Identifier: EUPL-1.2 let act = a: [ "nft46" "${a} element inet reaction ipvXbans { }" ]; journalctl = u: [ "journalctl" "-fn0" "-u" "${u}.service" ]; ban = after: { ban.cmd = act "add"; unban = { inherit after; cmd = act "delete"; }; }; available = { ssh = { cmd = journalctl "sshd"; filters = { failedlogin = { regex = [ "authentication failure;.*rhost=" "Connection reset by authenticating user .* " "Connection closed by invalid user .* port .*" "Failed password for .* from " "Invalid user .* from port .*" "Unable to negotiate with port .*" ]; actions = ban "48h"; }; }; }; }; in builtins.mapAttrs (_: builtins.foldl' (a: s: a // { ${s} = available.${s}; }) { }) { default = [ "ssh" ]; }