{ config, lib, ... }:
{
  environment.persistence."/data/persistent".directories = [ "/var/lib/fail2ban" ];

  services.fail2ban = {
    enable = true;
    bantime = "12h";
    bantime-increment = {
      enable = true;
      formula = "ban.Time * (2 ** ban.Count)";
      overalljails = true;
      rndtime = "1h";
    };
    ignoreIP = [
      (lib.mkIf (config.networking.hostName != "lily") config.garden.info.network.lily.netbird-ip)
      (lib.mkIf (config.networking.hostName != "lutea") config.garden.info.network.lutea.netbird-ip)
    ];
    maxretry = 1;
  };
}