diff --git a/hosts/hecuba/default.nix b/hosts/hecuba/default.nix
index 30924f3..3f4baf8 100644
--- a/hosts/hecuba/default.nix
+++ b/hosts/hecuba/default.nix
@@ -9,11 +9,6 @@
     ../../modules/ssh/hardened-openssh.nix
   ];
 
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-  ];
-
   fileSystems."/" = {
     device = "/dev/disk/by-label/nixos";
     fsType = "ext4";
@@ -48,6 +43,16 @@
     firewall.enable = true;
   };
 
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+  ];
+
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+  };
+
   services.openssh = {
     enable = true;
     harden = true;