From 19d97c8de5c7c7067951b756f6eb98f41a1e2285 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Wed, 19 Mar 2025 09:26:18 -0500
Subject: [PATCH] add f2b bypass for tailnet
---
 common/programs/ssh.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/common/programs/ssh.nix b/common/programs/ssh.nix
index 6cbc169..6b0cea7 100644
--- a/common/programs/ssh.nix
+++ b/common/programs/ssh.nix
@@ -29,7 +29,7 @@ in
 default = true;
 description = "Enable fail2ban.";
 };
- allowRootPasswordLogin = lib.mkOption {
+ allowPasswordLogin = lib.mkOption {
 type = lib.types.bool;
 default = false;
 description = "Allow root password login.";
@@ -45,6 +45,10 @@ in
 # Use fail2ban
 services.fail2ban = lib.mkIf cfg.fail2Ban {
 enable = true;
+ # Ignore my tailnet
+ ignoreIP = [
+ "100.64.0.0/10"
+ ];
 };
 # Open ports in the firewall if enabled.
@@ -58,7 +62,7 @@ in
 settings = {
 LogLevel = "VERBOSE";
 PermitRootLogin = "yes";
- PasswordAuthentication = if cfg.allowRootPasswordLogin then true else false;
+ PasswordAuthentication = cfg.allowPasswordLogin;
 };
 };
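Review bot: The `description` kept as context in the first hunk still reads "Allow root password login." although the option is now `allowPasswordLogin` and, in the third hunk, drives `PasswordAuthentication` for every account. Someone enabling it from the description alone would expect a root-only effect, so I would change it to `description = "Allow SSH password authentication (applies to all users, including root).";`. The old name is dropped without an alias, so any host config still setting `allowRootPasswordLogin` will presumably fail evaluation; the callers are not visible in this patch. The option set starts and ends outside the hunk.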
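Review bot: `ignoreIP = [ "100.64.0.0/10" ]` in the second hunk exempts the whole RFC 6598 shared address space rather than only this tailnet, and fail2ban matches it on the logged source address, not on the interface the connection arrived on. If the host is ever reachable from a carrier-grade NAT segment, or a tailnet node is shared or compromised, that source gets unlimited SSH attempts, which matters more here because the same module keeps `PermitRootLogin = "yes"` and can switch password authentication on. I would list the specific peer addresses instead, or at least extend the comment to `# Ignore the Tailscale CGNAT range; assumes sshd is only reachable from 100.64.0.0/10 via the tailnet interface`. Tailnet IPv6 addresses are not covered by this entry, so those peers can still be banned.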
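Review bot: With the option renamed to a general password switch, the unchanged `PermitRootLogin = "yes";` just above the edited line in the third hunk means that enabling `allowPasswordLogin` for any user also enables root password login. If root password access is not intended, `PermitRootLogin = "prohibit-password";` keeps root key-only regardless of the flag. It may also be worth setting `KbdInteractiveAuthentication = false;` next to it, since keyboard-interactive can still prompt for a password through PAM when `PasswordAuthentication` is off; I have not checked what this module's defaults resolve to. The `settings` block starts outside the hunk.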