From c8fcad448ab283d1f4f67f8cb27c8d42c0424f9c Mon Sep 17 00:00:00 2001
From: Lyes Saadi <dev@lyes.eu>
Date: Thu, 30 Oct 2025 01:39:28 +0100
Subject: [PATCH] Adding fail2ban and preparing things

---
 hosts/zora/reverse-proxy.nix |  4 ++++
 modules/server/default.nix   | 10 ++++++++++
 2 files changed, 14 insertions(+)

diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix
index 9e18e02..29b0364 100644
--- a/hosts/zora/reverse-proxy.nix
+++ b/hosts/zora/reverse-proxy.nix
@@ -19,6 +19,10 @@
         locations."/" = {
           root = "/var/data/www/lyes.eu/";
         };
+        extraConfig = ''
+          allow 82.67.15.247;
+          deny all;
+        '';
       };
       # 44300
       "auth.lyes.eu" = {
diff --git a/modules/server/default.nix b/modules/server/default.nix
index 011e5ae..e6f4fca 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -3,6 +3,16 @@
 {
   services.openssh.enable = true;
 
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "82.67.15.247"
+      "185.230.78.0/23"
+    ];
+    bantime = "1h";
+    bantime-increment.enable = true;
+  };
+
   boot.swraid = {
     enable = true;
     mdadmConf = ''