From 15a26570be6794397e707ec8b84b3f30ef549969 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Fri, 21 Nov 2025 12:09:01 +0100
Subject: [PATCH] Increase fail2ban ban time on each attempt

---
 m/apex/configuration.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/m/apex/configuration.nix b/m/apex/configuration.nix
index c2a3e73e..71c69f8d 100644
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,7 +57,14 @@
     };
   };
 
-  services.fail2ban.enable = true;
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime-increment = {
+      enable = true; # Double ban time on each attack
+      maxtime = "7d"; # Ban up to a week
+    };
+  };
 
   # Disable SSH login with password, allow only keypair
   services.openssh.settings.PasswordAuthentication = false;