From 7d51eaa7d8a70a3742d1db2e53f71da80802049a Mon Sep 17 00:00:00 2001
From: Yorick van Pelt
Date: Sun, 11 Mar 2018 19:41:14 +0100
Subject: [PATCH] fail2ban recidive jail so I can lock myself out optimally
---
 roles/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/roles/default.nix b/roles/default.nix
index b134c3c..234a15f 100644
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -21,6 +21,14 @@ in
 };
 services.timesyncd.enable = true;
 services.fail2ban.enable = true;
+ # ban repeat offenders longer
+ services.fail2ban.jails.recidive = ''
+ filter = recidive
+ action = iptables-allports[name=recidive]
+ maxretry = 5
+ bantime = 604800 ; 1 week
+ findtime = 86400 ; 1 day
+ '';
 users.extraUsers.yorick = {
 isNormalUser = true;
 uid = 1000;
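Review bot: The new `recidive` jail sets no `ignoreip` of its own, so unless the DEFAULT jail (outside this hunk) already exempts the management addresses, an admin host that collects five bans in a day is dropped on every port for a week by `iptables-allports`. Consider adding a line such as `ignoreip = 127.0.0.1/8 <trusted-admin-cidr>` (placeholder value) inside the jail string, or confirming that console access exists out of band. The jail also gives no `logpath` or `backend`, so it presumably inherits them from DEFAULT; the recidive filter matches fail2ban's own ban messages, so it is worth checking that the inherited source actually carries them, otherwise the jail never fires. The enclosing attribute set starts and ends outside the hunk.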