From 2d2762d4ec0d04cf6e66856022e5a138a1feaff9 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Thu, 20 Nov 2025 15:17:06 +0100
Subject: [PATCH] Enable fail2ban in apex login node

We are seeing a lot of failed attempts from the same IPs:

    apex% sudo journalctl -u sshd -b0 | grep 'Failed password' | wc -l
    2441
---
 m/apex/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/m/apex/configuration.nix b/m/apex/configuration.nix
index 6b1073b0..2b4047a1 100644
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,6 +57,8 @@
     };
   };
 
+  services.fail2ban.enable = true;
+
   networking.firewall = {
     extraCommands = ''
       # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our