[sshd]
enabled  = true
bantime  = 600
findtime = 30
maxretry = 5
port     = {{ ssh_port }},ssh
ignoreip = {{ wireguard.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ tailscale_cidr }}