From e227cab2d70a6e7d00a68f22ffa5b73ccd98e945 Mon Sep 17 00:00:00 2001
From: Nikolaos Karaolidis
Date: Fri, 7 Mar 2025 10:15:37 +0000
Subject: [PATCH] Add fail2ban
Signed-off-by: Nikolaos Karaolidis
---
 hosts/common/configs/system/sshd/default.nix | 32 ++++++++++++++------
 1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/hosts/common/configs/system/sshd/default.nix b/hosts/common/configs/system/sshd/default.nix
index e195489..fb3b584 100644
--- a/hosts/common/configs/system/sshd/default.nix
+++ b/hosts/common/configs/system/sshd/default.nix
@@ -1,15 +1,27 @@
 { ... }:
 {
- services.openssh = {
- enable = true;
- ports = [ 22 ];
- openFirewall = true;
- settings = {
- PasswordAuthentication = false;
- PermitRootLogin = "no";
- PrintMotd = false;
- };
+ environment = {
+ enableAllTerminfo = true;
+ persistence."/persist"."/var/lib/fail2ban" = { };
 };
 
- environment.enableAllTerminfo = true;
+ services = {
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PrintMotd = false;
+ };
+ };
+
+ fail2ban = {
+ enable = true;
+ bantime = "24h";
+ bantime-increment = {
+ enable = true;
+ maxtime = "720h";
+ overalljails = true;
+ };
+ };
+ };
 }
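Review bot: The rewritten `openssh.settings` block no longer carries `PermitRootLogin = "no"`, so unless another module sets it the option falls back to the NixOS module default (`prohibit-password`, as far as I know), which permits key-based root login again. A commit titled "Add fail2ban" should not loosen sshd hardening silently; I would keep `PermitRootLogin = "no";` next to `PasswordAuthentication = false;`, or say in the description why it is dropped. The removed `ports` and `openFirewall` lines appear to match the module defaults, so dropping them looks behaviour-neutral, but that is worth confirming against the pinned nixpkgs. Separately, with `bantime = "24h"` growing to `maxtime = "720h"` and `overalljails = true`, consider adding `ignoreIP = [ "<management-network-CIDR placeholder>" ];` to the `fail2ban` block so an operator's own failed attempts cannot lock them out for weeks.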