main
 1{lib, ...}: {
 2  flake.modules.nixos."services/fail2ban" = {config, ...}: {
 3    services.fail2ban = {
 4      enable = true;
 5      maxretry = 3;
 6      bantime = "10m";
 7      bantime-increment.enable = true;
 8      ignoreIP = [
 9        "172.16.0.0/12"
10        "192.168.0.0/16"
11      ];
12    };
13
14    networking.firewall.enable = true;
15
16    services.restic.backups."${config.networking.hostName}-backup".paths =
17      lib.mkIf
18      (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
19      ["/var/lib/fail2ban"];
20  };
21}