fix forgejo fail2ban config

William 2025-11-09 16:57:17 -03:00
parent 5906fa6f36
commit db6862684c


@ -4,15 +4,16 @@
inputs, inputs,
... ...
}: }:
let let
utils = import ../../utils.nix { inherit inputs lib; }; utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts; inherit (utils) mkNginxVHosts;
in in
{ {
services = { services = {
forgejo = { forgejo = {
enable = true; enable = true;
repositoryRoot = "/data/forgejo";
settings = { settings = {
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
server = { server = {
@ -42,17 +43,20 @@ in
settings = { settings = {
enabled = true; enabled = true;
filter = "forgejo"; filter = "forgejo";
logpath = "${config.services.forgejo.stateDir}/log/forgejo.log";
maxretry = 10; maxretry = 10;
findtime = "1h"; findtime = "10m";
bantime = "15m"; bantime = "1h";
}; };
}; };
}; };
environment.etc."fail2ban/filter.d/forgejo.conf".text = '' environment = {
etc."fail2ban/filter.d/forgejo.conf".text = ''
[Definition] [Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST> failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex = ignoreregex =
journalmatch = _SYSTEMD_UNIT=forgejo.service
''; '';
persistence.main.directories = [ "/var/lib/forgejo" ];
};
} }
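Review bot: The jail settings in the second hunk never set `backend`, so whether the `forgejo` jail sees any login failures depends on a default that is not visible here. A file `logpath` is only read by a file backend, and the filter's `journalmatch` is only used by the systemd backend. The rendered page has lost its +/- markers, so I cannot tell which of those two lines is on the new side; whichever it is, I would pin the matching backend next to it (`backend = "auto";` with `logpath`, `backend = "systemd";` with `journalmatch`) and confirm with `fail2ban-regex` that the failregex matches a real failed-login line. If the `findtime` pair reads old-then-new (1h to 10m), then with `maxretry = 10` a client that stays at nine failures per ten-minute window is never banned, so the shorter window deserves a comment or a lower `maxretry`. The jail's enclosing attribute set starts outside the hunk.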