update hosts (+ update sshPort)

groups/server/default.nix

@@ -1,7 +1,7 @@
 {lib, ...}: {
   networking.firewall = {
     allowedTCPPorts = [
-      22
+      42069 # ssh
     ];
   };
 
@@ -9,7 +9,7 @@
     # accept Lets Encrypt's security policy
     acme = {
       acceptTerms = true;
-      defaults.email = "them@dobutterfliescry.net";
+      defaults.email = "eclarkboman@gmail.com";
     };
 
     sudo = {
@@ -26,7 +26,7 @@
   services = {
     openssh = {
       enable = true;
-      ports = [22];
+      ports = [42069];
       settings = {
         PasswordAuthentication = false;
         PermitRootLogin = "no";
@@ -37,6 +37,22 @@
     };
   };
 
+  # simple fail2ban config (not production ready or anything though)
+  # refer to: https://nixos.wiki/wiki/Fail2Ban
+  services.fail2ban = {
+    enable = true;
+
+    maxretry = 5;
+    bantime = "10m"; # 10 minute ban
+    bantime-increment = {
+      enable = true;
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      # multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # dont ban for more than 1 week
+      overalljails = true;
+    };
+  };
+
   users = {
     users = {
       # primary user