fail2ban on rackserv

sys/machines/rackserv/default.nix

@@ -1,10 +1,6 @@
 {
-  lib,
-  pkgs,
   inputs,
   systemProfiles,
-  specialArgs,
-  self,
   ...
 }: {
   imports =
@@ -13,6 +9,7 @@
       inputs.impermanence.nixosModules.impermanence
       inputs.disko.nixosModules.disko
       ./disk-config.nix
+      ./fail2ban.nix
     ]
     ++ (map (x: systemProfiles + x) [
       /core/security.nix

sys/machines/rackserv/fail2ban.nix

@@ -0,0 +1,12 @@
+{
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = ["100.64.0.0/10"]; # tailscale
+    bantime = "1h";
+    bantime-increment = {
+      enable = true;
+      maxtime = "168h";
+      factor = "4";
+    };
+  };
+}