feat: Add backup and security hardening

scripts/security-setup/jail.local

@@ -0,0 +1,36 @@
+# fail2ban jail configuration for Gentoo workstation
+# Place in /etc/fail2ban/jail.local
+
+[DEFAULT]
+# Ban settings
+bantime  = 1h
+findtime = 10m
+maxretry = 3
+
+# Use nftables for banning
+banaction = nftables-multiport
+banaction_allports = nftables-allports
+
+# Email notifications (configure if needed)
+destemail = root@localhost
+sendername = Fail2Ban
+action = %(action_)s
+
+[sshd]
+enabled = true
+port    = ssh
+logpath = /var/log/auth.log
+backend = systemd
+maxretry = 3
+bantime = 1h
+findtime = 10m
+
+# Additional SSH protection for multiple failed attempts
+[sshd-aggressive]
+enabled = false
+port    = ssh
+logpath = /var/log/auth.log
+backend = systemd
+maxretry = 5
+bantime = 24h
+findtime = 1h