fix forgejo fail2ban config

2025-11-09 16:57:17 -03:00 · 2025-11-09 16:57:17 -03:00 · db6862684c
commit db6862684c
parent 5906fa6f36
1 changed files with 13 additions and 9 deletions
--- a/hosts/trantor/forgejo.nix
+++ b/hosts/trantor/forgejo.nix
@ -4,15 +4,16 @@
  inputs,
  ...
 }:
+
 let
  utils = import ../../utils.nix { inherit inputs lib; };
  inherit (utils) mkNginxVHosts;
 in
+
 {
  services = {
    forgejo = {
      enable = true;
-      repositoryRoot = "/data/forgejo";
      settings = {
        session.COOKIE_SECURE = true;
        server = {
@ -42,17 +43,20 @@ in
      settings = {
        enabled = true;
        filter = "forgejo";
-        logpath = "${config.services.forgejo.stateDir}/log/forgejo.log";
        maxretry = 10;
-        findtime = "1h";
-        bantime = "15m";
+        findtime = "10m";
+        bantime = "1h";
      };
    };
  };

-  environment.etc."fail2ban/filter.d/forgejo.conf".text = ''
+  environment = {
+    etc."fail2ban/filter.d/forgejo.conf".text = ''
      [Definition]
      failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
      ignoreregex =
+      journalmatch = _SYSTEMD_UNIT=forgejo.service
    '';
+    persistence.main.directories = [ "/var/lib/forgejo" ];
+  };
 }