Increase fail2ban ban time on each attempt

Reviewed-by: Aleix Boné <abonerib@bsc.es>
2025-11-21 12:09:01 +01:00
parent f921f0a4bd
commit c2a201b085
1 changed files with 8 additions and 1 deletions
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,7 +57,14 @@
    };
  };

-  services.fail2ban.enable = true;
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime-increment = {
+      enable = true; # Double ban time on each attack
+      maxtime = "7d"; # Ban up to a week
+    };
+  };

  # Disable SSH login with password, allow only keypair
  services.openssh.settings.PasswordAuthentication = false;