enabled fail2ban for sshd, will enable for more services later.

configs/nixos/fail2ban.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  inputs,
+  lib,
+  myLib,
+  ...
+}: {
+  services.fail2ban = {
+    enable = true;
+    bantime-increment.enable = true;
+    bantime-increment.maxtime = "1w";
+    extraPackages = [pkgs.ipset];
+    banaction = "iptables-ipset-proto6-allports";
+  };
+}

configs/nixos/sshd.nix

@@ -6,6 +6,9 @@
   myLib,
   ...
 }: {
+  imports = [
+    ./fail2ban.nix
+  ];
   services.openssh = {
     enable = true;
     settings.PermitRootLogin = "prohibit-password";