diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix
index b8e0dd05..ef6a7cf3 100644
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@@ -194,6 +194,20 @@ in
   ];
 
   services = {
+    fail2ban = {
+      enable = true;
+      ignoreIP = [
+        "2a00:8180:2c00:200::/56"
+        "2a0f:5382:acab:1400::/56"
+        "fd23:42:c3d2:500::/56"
+        "30c:c3d2:b946:76d0::/64"
+        "::1/128"
+        "172.22.99.0/24"
+        "172.20.72.0/21"
+        "127.0.0.0/8"
+      ];
+    };
+
     hydra = {
       enable = true;
       buildMachinesFiles = [