diff --git a/host_vars/apollo.archlinux.org b/host_vars/apollo.archlinux.org
index 6c50df3174e3bcae204fbc14592086ed21028bfa..88a239a97e02898d49c7cb6590e61e131f70fcc8 100644
--- a/host_vars/apollo.archlinux.org
+++ b/host_vars/apollo.archlinux.org
@@ -39,5 +39,7 @@ zabbix_agent_host_groups:
   - Zabbix servers
 
 fail2ban_jails:
-  - nginx
-  - postfix
+  sshd: true
+  postfix: true
+  dovecot: false
+  nginx: true
diff --git a/host_vars/orion.archlinux.org/misc b/host_vars/orion.archlinux.org/misc
index a820a9a0177b894b9c8fe191c24cf1409915132a..bbfade9e6e2c34559867436ae158d21de5e6ccc9 100644
--- a/host_vars/orion.archlinux.org/misc
+++ b/host_vars/orion.archlinux.org/misc
@@ -27,3 +27,4 @@ fail2ban_jails:
   sshd: true
   postfix: true
   dovecot: true
+  nginx: false
diff --git a/roles/fail2ban/defaults/main.yml b/roles/fail2ban/defaults/main.yml
index 003ddc95b65a4843bbd64624258bebea59a1a5b7..753cb98322f2e7fa448dc81a5e1d3741777764df 100644
--- a/roles/fail2ban/defaults/main.yml
+++ b/roles/fail2ban/defaults/main.yml
@@ -4,6 +4,7 @@ fail2ban_jails:
   sshd: false
   postfix: false
   dovecot: false
+  nginx: false
 
 # use variables for these directives so they can be overridden at a host or
 # group level as required. note that there cannot be a space between the
diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
index faca06bf603cf9f2be33a8ec80c08f01b34c9bfc..7bfdcfa95464f13ec18e92c73fa9cd0087d3da80 100644
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -5,6 +5,14 @@
   notify:
     - restart fail2ban
 
+- name: create systemd unit override path
+  file:
+    path: "/etc/systemd/system/fail2ban.service.d"
+    state: "directory"
+    owner: "root"
+    group: "root"
+    mode: 0755
+
 - name: install systemd unit override file
   template:
     src: "fail2ban.service.j2"