ant/nix-system
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

forgejo: add fail2ban
All checks were successful
/ build-all (push) Successful in 1m15s
Details

Browse source
This commit is contained in:
ant 2025-09-26 12:50:03 +02:00
parent 7424bb594e
commit d43ece8ac4
1 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
os/forgejo.nix
View file

@ -6,7 +6,18 @@ let utils = import ./utils.nix; in
services.fail2ban.jails.forgejo = { services.fail2ban.jails.forgejo = {
enabled = true; enabled = true;
filter = "forgejo"; filter = "forgejo";
settings = {
action = "iptables-allports";
mode = "aggressive";
}; };
};
environment.etc."fail2ban/filter.d/forgejo.conf".text = ''
[Definition]
failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>:.*$
journalmatch = _SYSTEMD_UNIT=forgejo.service
'';
services.forgejo = { services.forgejo = {
enable = true; enable = true;