From 8bc751926cf51b995d8969e79db52a1401ea6860 Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Wed, 22 May 2024 07:48:45 +0100
Subject: [PATCH] Add fail2ban to server hosts

---
 hosts/server.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/hosts/server.nix b/hosts/server.nix
index 23eb269..f88a032 100644
--- a/hosts/server.nix
+++ b/hosts/server.nix
@@ -41,6 +41,19 @@
     };
   };
 
+  services.fail2ban = {
+    enable = true;
+    bantime = "1h";
+    bantime-increment = {
+      enable = true;
+      maxtime = "24h";
+      rndtime = "7m";
+    };
+    ignoreIP = [
+      "100.64.0.0/10"
+    ];
+  };
+
   modules.networking.tailscale = {
     enable = true;
     restrictSSH = false;