From 20e3cee429e52e04dca4589a659252ca23181574 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 30 Nov 2025 18:26:27 -0800
Subject: don't penalize local network

---
 profiles/server.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/profiles/server.nix b/profiles/server.nix
index 5c5cacf..d950b67 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
   boot.tmp.cleanOnBoot = true;
 
@@ -43,5 +43,9 @@
         type = "ed25519";
       }
     ];
+    # https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList
+    settings.PerSourcePenaltyExemptList = lib.strings.concatStringsSep "," [
+      "192.168.1.0/24"
+    ];
   };
 }
-- 
cgit v1.2.3