diff --git a/hosts/server.nix b/hosts/server.nix
index 23eb269..f88a032 100644
--- a/hosts/server.nix
+++ b/hosts/server.nix
@@ -41,6 +41,19 @@
     };
   };
 
+  services.fail2ban = {
+    enable = true;
+    bantime = "1h";
+    bantime-increment = {
+      enable = true;
+      maxtime = "24h";
+      rndtime = "7m";
+    };
+    ignoreIP = [
+      "100.64.0.0/10"
+    ];
+  };
+
   modules.networking.tailscale = {
     enable = true;
     restrictSSH = false;