From dbc3621c794806b2a8badad292b909610108fc74 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Thu, 20 Mar 2025 21:13:10 +0100
Subject: tweak(tente): enable fail2ban for SSH

---
 nixos/hosts/tente/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index 72cd466..a2bf681 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -144,6 +144,9 @@ in
   ];
   networking.firewall.allowedUDPPorts = [];
 
+  # comes with a pre-configured SSH jail
+  services.fail2ban.enable = true;
+
   users.groups.www-data = {};
 
   systemd.tmpfiles.rules = [
-- 
cgit v1.2.3