Bump

1 files changed, 27 insertions, 18 deletions

diff --git a/modules/system/access/ssh.nix b/modules/system/access/ssh.nix
index b1fc187..8a2b30d 100644
--- a/modules/system/access/ssh.nix
+++ b/modules/system/access/ssh.nix
@@ -1,26 +1,35 @@
+{ lib, config, ... }:
 {
   programs.ssh.startAgent = false;
 
-  services.openssh = {
-    enable = true;
-    ports = [ 22 ];
-    openFirewall = false;
+  services = {
+    fail2ban.jails.sshd.settings = {
+      enabled = true;
+      filter = "sshd[mode=aggressive]";
+      port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports);
+    };
+
+    openssh = {
+      enable = true;
+      ports = [ 22 ];
+      openFirewall = false;
 
-    settings = {
-      KexAlgorithms = [
-        "curve25519-sha256"
-        "[email protected]"
-        "diffie-hellman-group16-sha512"
-        "diffie-hellman-group18-sha512"
-        "diffie-hellman-group-exchange-sha256"
-        "[email protected]"
-      ];
+      settings = {
+        KexAlgorithms = [
+          "curve25519-sha256"
+          "[email protected]"
+          "diffie-hellman-group16-sha512"
+          "diffie-hellman-group18-sha512"
+          "diffie-hellman-group-exchange-sha256"
+          "[email protected]"
+        ];
 
-      Macs = [
-        "[email protected]"
-        "[email protected]"
-        "[email protected]"
-      ];
+        Macs = [
+          "[email protected]"
+          "[email protected]"
+          "[email protected]"
+        ];
+      };
     };
   };
 }