{ pkgs, hosts, ... }:
{
  imports = [
    ../../nixos/profiles/services/fail2ban.nix
  ];
  services.fail2ban = {
    enable = true;
    ignoreIP = [
      #"0.0.0.0/8"
      #"10.0.0.0/8"
      "127.0.0.0/8"
      #"169.254.0.0/16"
      #"172.16.0.0/12"
      #"192.0.2.0/24"
      "192.168.0.0/16"
      #"224.0.0.0/3"
      #"240.0.0.0/5"
      hosts.mermet._module.args.ipv4
      "losurdo.sourcephile.fr"
    ];
    jails = {
      sshd.settings = {
        enabled = true;
        bantime = "5m";
        findtime = "1d";
        maxretry = "1";
        mode = "aggressive";
      };
      postgresql.settings = {
        enabled = true;
        bantime = "1m";
        filter = "postgresql";
        findtime = "1d";
        port = 5432;
      };
    };
  };
}