forgejo: add fail2ban jail
All checks were successful
flake check / check (push) Successful in 8m4s
fmt check / check (push) Successful in 1m6s
All checks were successful
flake check / check (push) Successful in 8m4s
fmt check / check (push) Successful in 1m6s
This commit is contained in:
parent
e320317d27
commit
ac3f794578
GPG key ID:
BD47506D475EE86D
1 changed files with 20 additions and 0 deletions
|
|
@ -31,6 +31,9 @@
|
|||
SSH_LISTEN_PORT = 2222;
|
||||
SSH_LISTEN_HOST = "100.121.201.47";
|
||||
};
|
||||
session = {
|
||||
COOKIE_SECURE = true;
|
||||
};
|
||||
database = {
|
||||
DB_TYPE = lib.mkForce "postgres";
|
||||
HOST = "192.168.1.211:5432";
|
||||
|
|
@ -59,4 +62,21 @@
|
|||
};
|
||||
mailerPasswordFile = config.sops.secrets.smtp2go-pwd.path;
|
||||
};
|
||||
services.fail2ban.jails.forgejo = {
|
||||
settings = {
|
||||
filter = "forgejo";
|
||||
action = ''iptables-allports'';
|
||||
mode = "aggressive";
|
||||
maxretry = 3;
|
||||
findtime = 3600;
|
||||
bantime = 900;
|
||||
};
|
||||
};
|
||||
environment.etc = {
|
||||
"fail2ban/filter.d/forgejo.conf".text = ''
|
||||
[Definition]
|
||||
failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>$
|
||||
journalmatch = _SYSTEMD_UNIT=forgejo.service
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue