From 1d717b862e27b6dd160024ba0539a792691d6bcd Mon Sep 17 00:00:00 2001
From: toufic ar
Date: Thu, 29 Jan 2026 17:41:53 +0200
Subject: [PATCH] add fail2ban config
---
 config/default.nix | 3 ++-
 config/security/default.nix | 3 +++
 config/security/fail2ban.nix | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 config/security/default.nix
 create mode 100644 config/security/fail2ban.nix
diff --git a/config/default.nix b/config/default.nix
index 62123e0..ad44d15 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -1,4 +1,4 @@
-{...}: {
+{
 imports = [
 ./disks.nix
 ./hardware-configuration.nix
@@ -9,6 +9,7 @@
 ./nvim
 ./http
 ./search
+ ./security
 ];
 system.stateVersion = "25.05";
 }
diff --git a/config/security/default.nix b/config/security/default.nix
new file mode 100644
index 0000000..0eaeffa
--- /dev/null
+++ b/config/security/default.nix
@@ -0,0 +1,3 @@
+{
+ imports = [./fail2ban.nix];
+}
diff --git a/config/security/fail2ban.nix b/config/security/fail2ban.nix
new file mode 100644
index 0000000..1c6b9d6
--- /dev/null
+++ b/config/security/fail2ban.nix
@@ -0,0 +1,14 @@
+{
+ services.fail2ban = {
+ enable = true;
+ maxretry = 5;
+ bantime = "6h";
+ bantime-increment = {
+ enable = true;
+ formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+ multipliers = "1 2 4 8 16 32 64";
+ rndtime = "6h";
+ overalljails = true;
+ };
+ };
+}
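Review bot: The new `services.fail2ban` block in config/security/fail2ban.nix sets no `ignoreIP`, so with `overalljails = true` and bans that start at `6h` and escalate up to the `64` multiplier, a handful of failed logins from an administrator's own address can lock out management access for days. Consider adding an allowlist such as `ignoreIP = [ "<management-subnet>" ];` (placeholder, fill in the real range). `formula` and `multipliers` are both set, and fail2ban uses the multipliers list instead of the formula when both are present, so the `formula` line appears to be dead configuration; drop it or add a comment saying it is unused. No jail is declared in this file, so which services are actually covered depends on module defaults and on files not visible in this patch; a one-line comment naming the intended jails would make that explicit.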