diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix
index 25acf4e..547d21f 100644
--- a/hosts/trantor/forgejo.nix
+++ b/hosts/trantor/forgejo.nix
@@ -4,15 +4,16 @@
 inputs,
 ...
 }:
+
 let
 utils = import ../../utils.nix { inherit inputs lib; };
 inherit (utils) mkNginxVHosts;
 in
+
 {
 services = {
 forgejo = {
 enable = true;
- repositoryRoot = "/data/forgejo";
 settings = {
 session.COOKIE_SECURE = true;
 server = {
@@ -42,17 +43,20 @@ in
 settings = {
 enabled = true;
 filter = "forgejo";
- logpath = "${config.services.forgejo.stateDir}/log/forgejo.log";
 maxretry = 10;
- findtime = "1h";
- bantime = "15m";
+ findtime = "10m";
+ bantime = "1h";
 };
 };
 };
- environment.etc."fail2ban/filter.d/forgejo.conf".text = ''
- [Definition]
- failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
- ignoreregex =
- '';
+ environment = {
+ etc."fail2ban/filter.d/forgejo.conf".text = ''
+ [Definition]
+ failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
+ ignoreregex =
+ journalmatch = _SYSTEMD_UNIT=forgejo.service
+ '';
+ persistence.main.directories = [ "/var/lib/forgejo" ];
+ };
 }
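Review bot: The filter now depends on `journalmatch = _SYSTEMD_UNIT=forgejo.service` while the jail settings drop `logpath` and set no backend, so the jail only sees Forgejo's authentication failures if fail2ban's effective backend on this host is systemd; nothing in the hunk pins that. Adding `backend = "systemd";` next to `filter = "forgejo";` would make the dependency explicit, because otherwise the jail is left without a log source and login failures go unthrottled. Separately, shrinking `findtime` from 1h to 10m with `maxretry = 10` means failures spread more thinly than ten per ten minutes no longer trigger a ban, where the old one-hour window caught them; keeping `findtime = "1h";` alongside the longer `bantime = "1h";` would preserve that coverage. As rendered here the `failregex` ends at `from` with no `<HOST>` tag, which may only be an extraction loss but is worth confirming by running `fail2ban-regex` against real journal lines. The jail definition starts above the hunk, so any backend set there is not visible here.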