diff --git a/services/.auto-torrent.nix.swp b/services/.auto-torrent.nix.swp
new file mode 100644
index 0000000..55853d9
Binary files /dev/null and b/services/.auto-torrent.nix.swp differ
diff --git a/services/fail2ban.nix b/services/fail2ban.nix
index e6190b5..5805bb3 100755
--- a/services/fail2ban.nix
+++ b/services/fail2ban.nix
@@ -35,7 +35,6 @@
 bantime = "24h";
 findtime = "30m";
 journalmatch = "_SYSTEMD_UNIT=jellyfin.service";
- # logpath = "/var/lib/jellyfin/log/*.log";
 };
 };
@@ -49,9 +48,46 @@
 bantime = "24h";
 findtime = "30m";
 journalmatch = "_SYSTEMD_UNIT=forgejo.service";
- # logpath = "/var/lib/forgejo/log/*.log";
 };
 };
+
+ sonarr = lib.mkIf (config.microvm.vms."auto-torrent" != null) {
+ settings = {
+ filter = "arr";
+ backend = "auto";
+ enabled = true;
+ port = "80,443";
+ maxretry = 8;
+ bantime = "24h";
+ findtime = "30m";
+ logpath = "/var/lib/auto-torrent/sonarr/logs/*.txt";
+ };
+ };
+ radarr = lib.mkIf (config.microvm.vms."auto-torrent" != null) {
+ settings = {
+ filter = "arr";
+ backend = "auto";
+ enabled = true;
+ port = "80,443";
+ maxretry = 8;
+ bantime = "24h";
+ findtime = "30m";
+ logpath = "/var/lib/auto-torrent/radarr/logs/*.txt";
+ };
+ };
+ };
+
+ vaultwarden = lib.mkIf config.services.vaultwarden.enable {
+ settings = {
+ filter = "vaultwarden";
+ backend = "systemd";
+ enabled = true;
+ port = "80,443";
+ maxretry = 8;
+ bantime = "24h";
+ findtime = "30m";
+ journalmatch = "_SYSTEMD_UNIT=vaultwarden.service";
+ };
 };
 };
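Review bot: The `vaultwarden` jail appears to end up outside `jails`, because the added `};` right after the `radarr` block closes one attribute set too early. This is judged from the brace count alone, since indentation is not visible here and the enclosing set opens outside the hunk, but as written `vaultwarden` would be a sibling of `jails` and the jail would either fail evaluation or never be created. The guard on `sonarr` and `radarr`, `config.microvm.vms."auto-torrent" != null`, does not test for existence: selecting a missing attribute aborts evaluation instead of yielding null, so `lib.mkIf (config.microvm.vms ? "auto-torrent")` is the check that matches the intent. A short comment on the two `logpath` lines saying how the host comes to see `/var/lib/auto-torrent/.../logs/*.txt` from the microVM would also help the next reader confirm these jails actually have log files to watch.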
@@ -66,6 +102,16 @@
 [Definition]
 failregex = ^.*Failed authentication attempt for .* from .*$
 '');
+ # *arr
+ "fail2ban/filter.d/arr.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = ^.*Auth-Failure ip username.*$
+ '');
+ # Vaultwarden
+ "fail2ban/filter.d/arr.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = ^.*Username or password is incorrect. Try again. IP: \. Username: .*$
+ '');
 # Defines a filter that detects URL probing by reading the Nginx access log
 "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
 [Definition]
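Review bot: The Vaultwarden filter is written under the key `"fail2ban/filter.d/arr.local"` a second time, so it collides with the *arr filter defined just above it and leaves the `vaultwarden` jail's `filter = "vaultwarden"` without a matching file; the key under `# Vaultwarden` should be `"fail2ban/filter.d/vaultwarden.local".text`. Nix normally rejects a repeated attribute path within one set as already defined, so this should fail at evaluation rather than merge silently. As rendered on this page, neither new `failregex` contains a `<HOST>` or `<ADDR>` tag, which fail2ban needs in order to know which address to ban; that may be an artefact of how the page was extracted, so it is worth checking against the file itself. The literal dots in `incorrect. Try again.` would also be better escaped as `\.` so the pattern matches only the intended message.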