From ce732af957b99dd087b2f552d19f157bbde4ec20 Mon Sep 17 00:00:00 2001
From: Hektor Misplon <hektor.misplon@pm.me>
Date: Tue, 9 Dec 2025 23:10:24 +0100
Subject: [PATCH] feat: add 'fail2ban' to 'hecuba' host

---
 hosts/hecuba/default.nix | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/hosts/hecuba/default.nix b/hosts/hecuba/default.nix
index 30924f3..3f4baf8 100644
--- a/hosts/hecuba/default.nix
+++ b/hosts/hecuba/default.nix
@@ -9,11 +9,6 @@
     ../../modules/ssh/hardened-openssh.nix
   ];
 
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-  ];
-
   fileSystems."/" = {
     device = "/dev/disk/by-label/nixos";
     fsType = "ext4";
@@ -48,6 +43,16 @@
     firewall.enable = true;
   };
 
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+  ];
+
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+  };
+
   services.openssh = {
     enable = true;
     harden = true;