fail2ban: add jails for SSH, nginx proxy manager, and Jellyfin

Replaces bare enable flag with a dedicated service module covering: - SSH brute force via journald - Nginx Proxy Manager auth failures via Docker log files - Jellyfin auth failures via journald Includes incremental ban times (up to 1 week) and LAN ignore rules. https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
2026-04-06 08:21:23 +00:00 · 2026-04-06 08:21:23 +00:00 · 16363dc887
commit 16363dc887
parent f5bb08d7dd
3 changed files with 76 additions and 2 deletions
--- a/hosts/FredOS-Mediaserver.nix
+++ b/hosts/FredOS-Mediaserver.nix
@ -18,8 +18,6 @@
      yt-dlp
    ];

-    services.fail2ban.enable = true;
-
    # Enable Docker
    virtualisation.docker.enable = true;