From 72af92c4ebdeac884e6aece4c4dbfb0746d2be60 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Josh)"
Date: Tue, 9 Jul 2024 17:32:02 -0500
Subject: [PATCH] add fail2ban on ssh
---
 hosts/_common/components/ssh.nix | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/hosts/_common/components/ssh.nix b/hosts/_common/components/ssh.nix
index 33ec80b..e569cf8 100644
--- a/hosts/_common/components/ssh.nix
+++ b/hosts/_common/components/ssh.nix
@@ -1,10 +1,19 @@
 { ... }:
 {
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.settings.PermitRootLogin = "yes";
+ # Use fail2ban
+ services.fail2ban = {
+ enable = true;
+ };
+
 # Open ports in the firewall.
 networking.firewall.allowedTCPPorts = [
 22 # sshd
 ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ logLevel = "VERBOSE";
+ settings.PermitRootLogin = "yes";
+ };
 }
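Review bot: `settings.PermitRootLogin = "yes"` in the new `services.openssh` block still lets root authenticate by password on the port this file opens, and fail2ban only slows password guessing down rather than ruling it out. If root access over SSH is needed, `settings.PermitRootLogin = "prohibit-password";` keeps key-based login, and `settings.PasswordAuthentication = false;` would be worth adding unless it is already set elsewhere (nothing in this file shows it). Separately, `logLevel` is, as far as I recall, a renamed alias on recent NixOS releases, so `settings.LogLevel = "VERBOSE";` would avoid an evaluation warning; worth confirming against the channel in use.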