From aa16bfc0bc8cd503588473871e2ed8efc4aac434 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Thu, 20 Nov 2025 15:17:06 +0100
Subject: [PATCH] Enable fail2ban in apex login node
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We are seeing a lot of failed attempts from the same IPs:

    apex% sudo journalctl -u sshd -b0 | grep 'Failed password' | wc -l
    2441

Reviewed-by: Aleix Boné <abonerib@bsc.es>
---
 m/apex/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/m/apex/configuration.nix b/m/apex/configuration.nix
index 6b1073b0..2b4047a1 100644
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,6 +57,8 @@
     };
   };
 
+  services.fail2ban.enable = true;
+
   networking.firewall = {
     extraCommands = ''
       # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our