From 07b058160e127d2e86252f3cbf00a1724ed06baf Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Tue, 24 Sep 2024 21:13:57 -0400
Subject: [PATCH] global/security: update fail2ban whitelist

---
 modules/global/security.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/global/security.nix b/modules/global/security.nix
index 1508fe5..4835798 100644
--- a/modules/global/security.nix
+++ b/modules/global/security.nix
@@ -58,10 +58,13 @@ in
 
   services.fail2ban = {
     ignoreIP = [
-      "100.101.102.0/14"
-      "172.16.0.0/12"
-      "192.168.1.0/24"
-      "192.168.137.0/24"
+      "100.101.102.0/14" # Tailscale
+      "172.16.0.0/12" # Docker/Containers
+      "10.0.0.0/8" # Private networks
+      "100.64.0.0/10" # CGNAT
+      "192.168.1.0/24" # Private networks
+      "192.168.137.0/24" # Rack network
+      "128.46.0.0/16" # Purdue
     ];
     bantime = "24h";
     bantime-increment = {