feat(sterni/machines): enable fail2ban for ssh

The upstream module is kind of inscrutable so it may be nice to port it
to a simple reaction setup. Since that's probably going to require
writing rules manually, though, I'm putting this off for now.

Change-Id: Ic3d8c5f2d1b08701f0dc5b8b4eb57dc45bcd58ee
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13008
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI

users/sterni/modules/common.nix

@@ -50,6 +50,8 @@ in
       '';
 
       openssh.enable = true;
+      # TODO(sterni): consider porting to reaction
+      fail2ban.enable = true;
     };
 
     programs = {