ant/nix-system
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-system/os/forgejo.nix
ant d43ece8ac4
All checks were successful
/ build-all (push) Successful in 1m15s
Details
forgejo: add fail2ban
2025-09-26 12:50:03 +02:00

70 lines
2.1 KiB
Nix
Raw Blame History

{config, pkgs, ... }:
let utils = import ./utils.nix; in
{
services.nginx.virtualHosts."git.antoinevaure.fr" = (utils.reverseProxy config.services.forgejo.settings.server.HTTP_PORT);
services.fail2ban.jails.forgejo = {
enabled = true;
filter = "forgejo";
settings = {
action = "iptables-allports";
mode = "aggressive";
};
};
environment.etc."fail2ban/filter.d/forgejo.conf".text = ''
[Definition]
failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>:.*$
journalmatch = _SYSTEMD_UNIT=forgejo.service
'';
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.antoinevaure.fr";
ROOT_URL = "https://git.antoinevaure.fr/";
HTTP_PORT = 3000;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
# DEFAULT_ACTIONS_URL = "github";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
# mailer = {
# ENABLED = true;
# SMTP_ADDR = "mail.example.com";
# FROM = "noreply@${srv.DOMAIN}";
# USER = "noreply@${srv.DOMAIN}";
# };
};
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "monolith";
url = "https://git.antoinevaure.fr";
# Obtaining the path to the runner token file may differ
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
tokenFile = /root/forgejo_runner_token;
labels = [
"native:host"
];
hostPackages = with pkgs; [ bash coreutils gitMinimal config.nix.package ];
};
};
}
Reference in a new issue View git blame Copy permalink