nixbld: enable fail2ban

nixbld-etc-nixos/configuration.nix

@@ -45,6 +45,15 @@ in
   ];
 
   security.apparmor.enable = true;
+  services.fail2ban.enable = true;
+  services.fail2ban.maxretry = 9;
+  services.fail2ban.bantime-increment.enable = true;
+  services.fail2ban.jails.sshd =
+    ''
+    enabled = true
+    filter = sshd
+    action = iptables-allports
+    '';
 
   networking = {
     hostName = "nixbld";