forgejo: add fail2ban jail

notohh 2023-12-30 13:38:40 -05:00
parent e320317d27
commit ac3f794578
Signed by: notohh
GPG key ID: BD47506D475EE86D


@ -31,6 +31,9 @@
SSH_LISTEN_PORT = 2222;
SSH_LISTEN_HOST = "100.121.201.47";
};
session = {
COOKIE_SECURE = true;
};
database = {
DB_TYPE = lib.mkForce "postgres";
HOST = "192.168.1.211:5432";
@ -59,4 +62,21 @@
};
mailerPasswordFile = config.sops.secrets.smtp2go-pwd.path;
};
services.fail2ban.jails.forgejo = {
settings = {
filter = "forgejo";
action = ''iptables-allports'';
mode = "aggressive";
maxretry = 3;
findtime = 3600;
bantime = 900;
};
};
environment.etc = {
"fail2ban/filter.d/forgejo.conf".text = ''
[Definition]
failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>$
journalmatch = _SYSTEMD_UNIT=forgejo.service
'';
};
}
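Review bot: In the new jail, `mode = "aggressive";` looks like a dead setting: fail2ban's stock jail.conf only passes `mode` to a filter through its default `filter = %(__name__)s[mode=%(mode)s]`, and here `filter` is overridden with a plain `"forgejo"` whose `[Definition]` has no `<mode>` parameter. Dropping the line would keep the jail from reading as stricter than it is. Separately, the `failregex` ends in `<HOST>$`, so it matches only when the address is the last thing on the log line; if Forgejo appends a port or error detail after it, the jail never bans and nothing reports that, so it is worth running `fail2ban-regex` against real journal output from forgejo.service. If HTTP reaches Forgejo through a reverse proxy (not visible here), confirm the logged address is the client's and not the proxy's before relying on `iptables-allports`. The enclosing attribute set starts outside the hunk.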