diff --git a/boxes/netbox.nix b/boxes/netbox.nix
index 164cb09..1b1d66e 100644
--- a/boxes/netbox.nix
+++ b/boxes/netbox.nix
@@ -14,13 +14,63 @@
 
 services.rss2email = {
 enable = true;
+ to = "ryan@beepboop.systems";
 feeds = {
 "eff" = {
 url = "https://www.eff.org/rss/updates.xml";
 };
+ "nixos" = {
+ url = "https://nixos.org/blog/announcements-rss.xml";
+ };
+ "drewdevault" = {
+ url = "https://drewdevault.com/blog/index.xml";
+ };
+ "nullprogram" = {
+ url = "https://nullprogram.com/feed/";
+ };
 };
 };
 
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "192.168.1.0/24"
+ ];
+ extraPackages = [pkgs.ipset];
+ banaction = "iptables-ipset-proto6-allports";
+
+ jails = {
+ "nginx-bruteforce" = ''
+ enabled = true
+ filter = nginx-bruteforce
+ logpath = /var/log/nginx/access.log
+ backend = auto
+ maxretry = 6
+ findtime = 600
+ '';
+
+ "postfix-bruteforce" = ''
+ enabled = true
+ filter = postfix-bruteforce
+ maxretry = 6
+ findtime = 600
+ '';
+ };
+ };
+
+ environment.etc = {
+ "fail2ban/filter.d/nginx-bruteforce.conf".text = ''
+ [Definition]
+ failregex = ^.*GET.*(matrix/server|\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
+ '';
+
+ "fail2ban/filter.d/postfix-bruteforce.conf".text = ''
+ [Definition]
+ failregex = warning: [\w\.\-]+\[\]: SASL LOGIN authentication failed.*$
+ journalmatch = _SYSTEMD_UNIT=postfix.service
+ '';
+ };
+
 users.users.useracc = {
 isNormalUser = true;
 extraGroups = [ "wheel" "docker" ];
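Review bot: Neither `failregex` in the new `environment.etc` filters shows a `<HOST>` tag, which fail2ban needs in order to know which address to ban; the empty `\[\]` in the postfix pattern suggests the tag may have been lost when this page was rendered, so confirm both patterns in the file carry it. In the nginx filter the leading `^.*GET` and the `.*` on both sides of the alternation leave the match unanchored, so the pattern should begin at the client address and stay inside the quoted request line, for example `failregex = ^<HOST> [^"]*"GET [^"]*(matrix/server|\.php|admin|wp-)[^"]* HTTP/\d\.\d" 404 ` (adjust to the access-log format actually in use, which is not visible here). Because `banaction` blocks all ports and `ignoreIP` covers only `192.168.1.0/24`, a comment above the `nginx-bruteforce` jail stating that six 404s on any path containing `admin` or `.php` within 600 seconds bans the client from every service would help whoever administers the host remotely. The module attribute set that encloses these options opens and closes outside this hunk.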