Tbf I had a 200 euro bill. For one year. If I invest, say, 1000 euros for a low-power setup, I'd be running it for at least 5 years for it to pay off.
I currently run a TrueNAS on old consumer hardware, and the rest I host is on SBCs.
Well, if you are using strong passwords, or no passwords from outside at all but key auth only, I think you are pretty much on the safe side. As I said, I have no ssh port open to the internet. Raising the ban time could only lead to banning myself. 😀
But for ports open to the outside, yes. I probably would do that too. Plus hardening the ssh config a bit.
Can you give me resources on how to configure f2b?
I usually leave the defaults, or maybe tweak the times a bit.
One could only enter my network through VPN or nginx on 443 anyway, so I am not that worried.
Enabling unattended updates -> Hell no. Regular patch days
Enable only ssh login with key -> yes
Create user with sudo privileges -> yes
Disable root login -> no
Enable ufw with necessary ports -> Basic iptables, but not on all hosts. But fail2ban
Disable ping -> nope
Change ssh default port 21 to something else. -> nope