don't penalize local network

author: Franck Cuny <franck@fcuny.net> 2025-11-30 18:26:27 -0800
committer: Franck Cuny <franck@fcuny.net> 2025-11-30 18:26:27 -0800
commit: 20e3cee429e52e04dca4589a659252ca23181574 (patch)
tree: 605000c471bc9b50e674c89082fcd161f7f339d2 /profiles
parent: don't ban local network (diff)
download: infra-20e3cee429e52e04dca4589a659252ca23181574.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/profiles/server.nix b/profiles/server.nix
index 5c5cacf..d950b67 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
   boot.tmp.cleanOnBoot = true;
 
@@ -43,5 +43,9 @@
         type = "ed25519";
       }
     ];
+    # https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList
+    settings.PerSourcePenaltyExemptList = lib.strings.concatStringsSep "," [
+      "192.168.1.0/24"
+    ];
   };
 }
author	Franck Cuny <franck@fcuny.net>	2025-11-30 18:26:27 -0800
committer	Franck Cuny <franck@fcuny.net>	2025-11-30 18:26:27 -0800
commit	20e3cee429e52e04dca4589a659252ca23181574 (patch)
tree	605000c471bc9b50e674c89082fcd161f7f339d2 /profiles
parent	don't ban local network (diff)
download	infra-20e3cee429e52e04dca4589a659252ca23181574.tar.gz