diff --git a/modules/security.nix b/modules/security.nix
index 41ab20d..ad1f11d 100644
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -49,6 +49,8 @@
   };
   services.fail2ban = {
     enable = true;
+    bantime = "1h";
+    maxretry = 1;
     ignoreIP = [
       "192.168.0.0/16"
       "172.16.0.0/12"
@@ -57,8 +59,6 @@
     ];
     extraSettings = {
       findtime = 100000;
-      bantime = 100000;
-      maxretry = 1;
       mode = "aggressive";
     };
   };