config/modules/base/sshguard/default.nix

{
  config,
  lib,
  myData,
  ...
}: {
  options.mj.base.sshguard = with lib.types; {
    enable = lib.mkOption {
      type = bool;
      default = true;
    };
  };

  config = lib.mkIf config.mj.base.sshguard.enable {
    services.sshguard = {
      enable = true;
      blocktime = 900;
      whitelist =
        ["192.168.0.0/16" myData.subnets.tailscale.cidr]
        ++ (lib.catAttrs "publicIP" (lib.attrValues myData.hosts));
    };
  };
}
enable sshguard and plocate 2023-07-26 14:10:22 +03:00			`{`
			`config,`
			`lib,`
			`myData,`
			`...`
			`}: {`
			`options.mj.base.sshguard = with lib.types; {`
			`enable = lib.mkOption {`
			`type = bool;`
			`default = true;`
			`};`
			`};`

			`config = lib.mkIf config.mj.base.sshguard.enable {`
			`services.sshguard = {`
			`enable = true;`
			`blocktime = 900;`
start/stop firewall commands 2023-07-26 15:10:39 +03:00			`whitelist =`
open up samba 2023-09-12 16:08:08 +03:00			`["192.168.0.0/16" myData.subnets.tailscale.cidr]`
start/stop firewall commands 2023-07-26 15:10:39 +03:00			`++ (lib.catAttrs "publicIP" (lib.attrValues myData.hosts));`
enable sshguard and plocate 2023-07-26 14:10:22 +03:00			`};`
			`};`
			`}`