From 689fee1398598a38dd3cd42d93665eb350bd326b Mon Sep 17 00:00:00 2001
From: sterni <sternenseemann@systemli.org>
Date: Thu, 16 Jan 2025 17:25:28 +0100
Subject: [PATCH] feat(sterni/machines): enable fail2ban for ssh

The upstream module is kind of inscrutable so it may be nice to port it
to a simple reaction setup. Since that's probably going to require
writing rules manually, though, I'm putting this off for now.

Change-Id: Ic3d8c5f2d1b08701f0dc5b8b4eb57dc45bcd58ee
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13008
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
---
 users/sterni/modules/common.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/users/sterni/modules/common.nix b/users/sterni/modules/common.nix
index 2c513acad..1ea1501f2 100644
--- a/users/sterni/modules/common.nix
+++ b/users/sterni/modules/common.nix
@@ -50,6 +50,8 @@ in
       '';
 
       openssh.enable = true;
+      # TODO(sterni): consider porting to reaction
+      fail2ban.enable = true;
     };
 
     programs = {