diff --git a/ansible/host_vars/casey/main.yml b/ansible/host_vars/casey/main.yml
index bf1cbaf..2479bfd 100644
--- a/ansible/host_vars/casey/main.yml
+++ b/ansible/host_vars/casey/main.yml
@@ -1,6 +1,5 @@
 nebula_is_lighthouse: true
 nebula_listen_port: "{{ nebula_lighthouse_port }}"
-ssh_extra_allowed_users: f2b@{{ nebula.cidr }} f2b@{{ pve_hosts.internal_cidr }} f2b@{{ tailscale_cidr }}
 nginx_https_redirect: true
diff --git a/ansible/host_vars/pve-docker/main.yml b/ansible/host_vars/pve-docker/main.yml
index cb5971d..dfc549b 100644
--- a/ansible/host_vars/pve-docker/main.yml
+++ b/ansible/host_vars/pve-docker/main.yml
@@ -5,6 +5,4 @@
 traefik_provider_homeassistant: true
 traefik_provider_grafana: true
 traefik_provider_uptime_kuma: true
-with_fail2ban: true
-
 db_backups_dir: /mnt/tank/files/db-backups
diff --git a/ansible/main.yml b/ansible/main.yml
index 175f3ad..306393d 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -14,7 +14,6 @@
 - gateway
 - nebula
 - headscale
- - fail2ban_ssh
 - restic
 - artis3n.tailscale
 - glinet_vpn
diff --git a/ansible/roles/fail2ban_ssh/defaults/main.yml b/ansible/roles/fail2ban_ssh/defaults/main.yml
deleted file mode 100644
index 48ce2a0..0000000
--- a/ansible/roles/fail2ban_ssh/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-f2b_user: f2b
diff --git a/ansible/roles/fail2ban_ssh/files/f2b-entrypoint.sh b/ansible/roles/fail2ban_ssh/files/f2b-entrypoint.sh
deleted file mode 100644
index ccfe93c..0000000
--- a/ansible/roles/fail2ban_ssh/files/f2b-entrypoint.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-# Remove `-c` argument
-shift
-
-sudo fail2ban-client $@
diff --git a/ansible/roles/fail2ban_ssh/files/f2b_key.pub b/ansible/roles/fail2ban_ssh/files/f2b_key.pub
deleted file mode 100644
index faf3950..0000000
--- a/ansible/roles/fail2ban_ssh/files/f2b_key.pub
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65656562376262323162613131353164623832616263313530383838623161333739393037363362
-3332616430663862363566613532396230643636376537620a356261383430643566323264343437
-39333034643632316130303136326433613333383738386531353530633539616661626664626430
-3230666237616165650a326536313835643135626135316437356363623562343538383132306539
-38366339356565393336396133616261363232356139623164623738633138363963353637353734
-33333334313864376131653535653132626366306630393764353464636331316564616230396663
-31363463643765386538643761666265383166353765633233323934663235316331346465653234
-31396139633936363738383766356135656434343338623137663436626436663866366663363534
-3364
diff --git a/ansible/roles/fail2ban_ssh/tasks/main.yml b/ansible/roles/fail2ban_ssh/tasks/main.yml
deleted file mode 100644
index 1163d77..0000000
--- a/ansible/roles/fail2ban_ssh/tasks/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: Make user
- user:
- name: "{{ f2b_user }}"
- comment: "{{ me.user }}"
- shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
- system: false
- become: true
-
-- name: Give user sudo access to client
- lineinfile:
- path: /etc/sudoers
- line: "{{ f2b_user }} ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client"
- become: true
-
-- name: Allow custom shell
- lineinfile:
- path: /etc/shells
- line: /home/{{ f2b_user }}/f2b-entrypoint.sh
- become: true
-
-- name: Create entrypoint
- template:
- src: files/f2b-entrypoint.sh
- dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
- mode: "755"
- become: true
- register: sshd_config
-
-- name: Set up authorized keys
- ansible.posix.authorized_key:
- user: "{{ f2b_user }}"
- state: present
- key: "{{ lookup('file', 'files/f2b_key.pub') }}"
- become: true
diff --git a/ansible/roles/traefik/defaults/main.yml b/ansible/roles/traefik/defaults/main.yml
index f52564d..e11f7e7 100644
--- a/ansible/roles/traefik/defaults/main.yml
+++ b/ansible/roles/traefik/defaults/main.yml
@@ -2,5 +2,3 @@ traefik_provider_jellyfin: false
 traefik_provider_homeassistant: false
 traefik_provider_grafana: false
 traefik_provider_uptime_kuma: false
-
-with_fail2ban: false
diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml
index 9917b86..cf8ad07 100644
--- a/ansible/roles/traefik/files/docker-compose.yml
+++ b/ansible/roles/traefik/files/docker-compose.yml
@@ -8,7 +8,6 @@ services:
 - CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
 - GANDIV5_API_KEY={{ vault_gandi_api_key }}
 volumes:
- - /tmp/traefik-logs:/var/log/traefik
 - ./traefik:/etc/traefik
 restart: unless-stopped
 ports:
diff --git a/ansible/roles/traefik/files/fail2ban/f2b_key.key b/ansible/roles/traefik/files/fail2ban/f2b_key.key
deleted file mode 100644
index bb4a5d4..0000000
--- a/ansible/roles/traefik/files/fail2ban/f2b_key.key
+++ /dev/null
@@ -1,25 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62333161626439326166306363343866616336646134376134326265386134343338313164653334
-3131633561363730376161323034643836333738303361320a613764383135373933636537333331
-32633335663462653361643538656533313633666666303830363533616263663135323635613235
-3738396530363130370a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
diff --git a/ansible/roles/traefik/files/fail2ban/remote-action.conf b/ansible/roles/traefik/files/fail2ban/remote-action.conf
deleted file mode 100644
index 58a99fc..0000000
--- a/ansible/roles/traefik/files/fail2ban/remote-action.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[Definition]
-actionban = ssh -p 7743 f2b@{{ nebula.clients.casey.ip }} -i /etc/fail2ban/f2b_key.key set traefik banip
-actionunban = ssh -p 7743 f2b@{{ nebula.clients.casey.ip }} -i /etc/fail2ban/f2b_key.key set traefik unbanip
-actioncheck =
-actionstart =
-actionstop =
diff --git a/ansible/roles/traefik/files/fail2ban/traefik-filter.conf b/ansible/roles/traefik/files/fail2ban/traefik-filter.conf
deleted file mode 100644
index 4f670ca..0000000
--- a/ansible/roles/traefik/files/fail2ban/traefik-filter.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-[Definition]
-failregex = ^ \- \S+ \[\] \"(GET|POST|HEAD) .+\" .+$
-ignoreregex =
-mode = normal
diff --git a/ansible/roles/traefik/files/fail2ban/traefik-jail.conf b/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
deleted file mode 100644
index b606c1a..0000000
--- a/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[traefik]
-enabled = true
-bantime = 6000
-findtime = 300
-maxretry = 5
-filter = traefik
-logpath = /tmp/traefik-logs/access.log
-port = http,https
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
-action = gateway
diff --git a/ansible/roles/traefik/files/logrotate.conf b/ansible/roles/traefik/files/logrotate.conf
deleted file mode 100644
index 4b98916..0000000
--- a/ansible/roles/traefik/files/logrotate.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-/tmp/traefik-logs/access.log {
- daily
- rotate 7
- missingok
- compress
- nodateext
- notifempty
-}
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index 31da3a7..eb5f9b5 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -86,9 +86,3 @@ tls:
 pilot:
 dashboard: false
-
-accessLog:
- filePath: "/var/log/traefik/access.log"
- filters:
- statusCodes:
- - "400-600"
diff --git a/ansible/roles/traefik/handlers/main.yml b/ansible/roles/traefik/handlers/main.yml
index 39e4f13..699f0fd 100644
--- a/ansible/roles/traefik/handlers/main.yml
+++ b/ansible/roles/traefik/handlers/main.yml
@@ -2,9 +2,3 @@
 shell:
 chdir: /opt/traefik
 cmd: "{{ docker_update_command }}"
-
-- name: restart fail2ban
- service:
- name: fail2ban
- state: restarted
- become: true
diff --git a/ansible/roles/traefik/tasks/fail2ban.yml b/ansible/roles/traefik/tasks/fail2ban.yml
deleted file mode 100644
index 36ee69f..0000000
--- a/ansible/roles/traefik/tasks/fail2ban.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-- name: Create jail
- template:
- src: files/fail2ban/traefik-jail.conf
- dest: /etc/fail2ban/jail.d/traefik.conf
- mode: "644"
- become: true
- notify: restart fail2ban
-
-- name: Create filter
- template:
- src: files/fail2ban/traefik-filter.conf
- dest: /etc/fail2ban/filter.d/traefik.conf
- mode: "644"
- become: true
- notify: restart fail2ban
-
-- name: Create action
- template:
- src: files/fail2ban/remote-action.conf
- dest: /etc/fail2ban/action.d/gateway.conf
- mode: "644"
- become: true
- notify: restart fail2ban
-
-- name: Create SSH key
- copy:
- src: files/fail2ban/f2b_key.key
- dest: /etc/fail2ban/f2b_key.key
- owner: root
- group: root
- mode: "0600"
- become: true
diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml
index cb3aa8f..f7e5f64 100644
--- a/ansible/roles/traefik/tasks/main.yml
+++ b/ansible/roles/traefik/tasks/main.yml
@@ -100,14 +100,3 @@
 notify: restart traefik
 when: traefik_provider_uptime_kuma
 become: true
-
-- name: logrotate config
- template:
- src: files/logrotate.conf
- dest: /etc/logrotate.d/traefik
- mode: "0600"
- become: true
-
-- name: fail2ban
- include_tasks: fail2ban.yml
- when: with_fail2ban