From 6b40745b29b237fe93c1cc077f4dce5d9ecb490a Mon Sep 17 00:00:00 2001
From: Daniel Patterson <me@danielpatterson.dev>
Date: Tue, 21 Mar 2023 21:20:13 +0000
Subject: [PATCH] Add fail2ban

---
 modules/default.nix          |  1 +
 modules/fail2ban/default.nix | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 modules/fail2ban/default.nix

diff --git a/modules/default.nix b/modules/default.nix
index 211b0e0..8b00b7c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -3,6 +3,7 @@
     imports = [
       ./caddy
       ./dungflix
+      ./fail2ban
       ./monitoring
       ./synapse
       ./golink
diff --git a/modules/fail2ban/default.nix b/modules/fail2ban/default.nix
new file mode 100644
index 0000000..2312953
--- /dev/null
+++ b/modules/fail2ban/default.nix
@@ -0,0 +1,14 @@
+{...}:
+{
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    ignoreIP = [
+      "127.0.0.1/8"
+      "10.0.0.0/8"
+      "172.16.0.0/12"
+      "192.168.0.0/16"
+      "8.8.8.8"
+    ];
+  };
+}