Enable fail2ban in apex login node

We are seeing a lot of failed attempts from the same IPs:

    apex% sudo journalctl -u sshd -b0 | grep 'Failed password' | wc -l
    2441

m/apex/configuration.nix

@@ -57,6 +57,8 @@
     };
   };
 
+  services.fail2ban.enable = true;
+
   networking.firewall = {
     extraCommands = ''
       # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our