diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f70a15d..89d1af5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -114,10 +114,6 @@ adguardhome = { enable = false; }; - nextcloud = { - enable = false; - subdomain = "drive"; - }; sync = { enable = true; folders = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index a031b0d..8854936 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,6 +10,5 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix - ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 2f6dc58..cd2a978 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let 
@@ -12,6 +13,41 @@ in { config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." + '') + ); + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + services.fail2ban = { enable = true; maxretry = 5; 
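Review bot: The patterns moved into the `filter.d/*.local` files reach fail2ban with different bytes than the jail-level `failregex` strings they replace, so the nginx, jellyfin and forgejo filters will not match what they used to. The enclosing double quotes in `failregex = "limiting requests…"` are literal in an INI value (fail2ban's config parser does not strip them), so each of those patterns now requires a `"` on both sides of the match, and a Nix `''` indented string does not process backslash escapes, so the jellyfin pattern arrives as `\\\(IP: \"\"\\\)\\\.` — a literal backslash before each parenthesis and dot — where the old `"…"` string produced `\(IP: ""\)\.`. Write each pattern exactly as it should appear in the INI file, e.g. `failregex = limiting requests, excess:.* by zone.*client: <HOST>` and `failregex = ^.*Authentication request for .* has been denied \(IP: "<HOST>"\)\.`. As rendered here none of the four patterns contains a `<HOST>` (or `<ADDR>`) capture, which fail2ban rejects with "No failure-id group"; if those tokens were only stripped from this view, disregard that part, but run `fail2ban-regex <logfile> /etc/fail2ban/filter.d/jellyfin.local` after deploy to confirm the filters still match before relying on them for banning.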
@@ -34,54 +70,40 @@ in { }; jails = { nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; filter = "nginx"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; backend = "auto"; - failregex = "limiting requests, excess:.* by zone.*client: "; findtime = 600; bantime = 600; maxretry = 5; }; jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.jellyfin.dataDir}/log/*.log"; backend = "auto"; - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\."; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - nextcloud-iptables.settings = lib.mkIf config.services.nextcloud.enable { - filter = "nextcloud"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.nextcloud.datadir}/*.log"; - backend = "auto"; - failregex = '' - ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ - ''; findtime = 600; bantime = 600; maxretry = 5; }; forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; filter = "forgejo"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.forgejo.stateDir}/log/*.log"; backend = "auto"; - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "; findtime = 600; bantime = 600; maxretry = 5; }; home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - filter = 
"home-assistant"; + enabled = true; + filter = "hass"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.home-assistant.configDir}/*.log"; backend = "auto"; - failregex = "^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$"; findtime = 600; bantime = 600; maxretry = 5; diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix deleted file mode 100644 index ada61dd..0000000 --- a/modules/nixos-modules/server/nextcloud.nix +++ /dev/null 
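Review bot: `nginx-iptables` is the only jail in this hunk with no `logpath`, yet it now carries an explicit `enabled = true` alongside `backend = "auto"`; fail2ban needs either a readable log file or a `journalmatch` to start a jail, so unless the NixOS paths config (not visible here) supplies a default, this jail will fail at `fail2ban-client` start-up. If nginx's error log goes to the journal — NixOS's default unless `logError` points at a file — set `backend = "systemd"; journalmatch = "_SYSTEMD_UNIT=nginx.service";`, otherwise add a `logpath` for the error log like the other three jails do. A second, pre-existing issue worth fixing while these jails are touched: all four actions use `iptables-multiport[name=HTTP, …]`, and as I read that action the chain `f2b-HTTP` is created and, on jail stop, flushed and deleted per jail, so stopping or reloading one jail drops the bans held by the others — give each jail its own `name=` (e.g. `name=jellyfin`). The `jails` attribute set starts and ends outside the hunk.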
@@ -1,69 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - dataDir = "/var/lib/nextcloud"; -in { - options.host.nextcloud = { - enable = lib.mkEnableOption "should nextcloud be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that nextcloud will be hosted at"; - default = "nextcloud"; - }; - }; - - config = lib.mkIf config.host.nextcloud.enable (lib.mkMerge [ - { - sops.secrets = { - "services/nextcloud_adminpass" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - owner = config.users.users.nextcloud.name; - }; - }; - - host = { - reverse_proxy.subdomains.${config.host.nextcloud.subdomain} = { - target = "http://localhost:${toString 8009}"; - }; - }; - - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; - settings.log_type = "file"; - config = { - adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; - adminuser = "admin"; - dbtype = "sqlite"; - }; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.nextcloud.datadir == dataDir; - message = "nextcloud data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "nextcloud"; - group = "nextcloud"; - } - ]; - }; - }) - ]); -}