diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 5947719e..6701784e 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -45,6 +45,15 @@ in
 ];
 security.apparmor.enable = true;
+ services.fail2ban.enable = true;
+ services.fail2ban.maxretry = 9;
+ services.fail2ban.bantime-increment.enable = true;
+ services.fail2ban.jails.sshd =
+ ''
+ enabled = true
+ filter = sshd
+ action = iptables-allports
+ '';
 networking = {
 hostName = "nixbld";
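Review bot: The new sshd jail combines an all-ports ban (`action = iptables-allports`) with `bantime-increment.enable = true`, but the hunk sets neither an allowlist nor a ceiling on the ban time. A trusted admin or build client that trips the 9-failure threshold would lose access to every service on nixbld for progressively longer periods. I would add `services.fail2ban.ignoreIP = [ "<TRUSTED_MGMT_CIDR>" ];` and `services.fail2ban.bantime-increment.maxtime = "<MAX_BAN_DURATION>";` next to the new options, with the placeholders filled in for this site. A short comment such as `# ban on all ports: host exposes more than sshd to the same clients` above the jail would record why all ports was chosen over the default per-port action. The enclosing attribute set starts and ends outside the hunk, so these options may already be set elsewhere, and the firewall backend that the iptables action depends on is not visible here.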