[sshd]
enabled = true
bantime = 600
findtime = 30
maxretry = 5
port = {{ ssh_port }},ssh
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ tailscale_cidr }}