From a5acf870fe55e6d11970fc22d1d3f1c5cd2ad810 Mon Sep 17 00:00:00 2001
From: Evie Litherland-Smith <evie@xenia.me.uk>
Date: Tue, 16 May 2023 11:31:36 +0100
Subject: [PATCH] Extend fail2ban config for gitea

---
 server/gitea.nix | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/server/gitea.nix b/server/gitea.nix
index 35b29015..5c0e1b87 100644
--- a/server/gitea.nix
+++ b/server/gitea.nix
@@ -3,10 +3,7 @@
   imports = [ ./traefik.nix ./fail2ban.nix ];
   services.gitea = {
     enable = true;
-    settings = {
-      server = { DOMAIN = "git.xenia.me.uk"; SSH_PORT = 2222; };
-      log.MODE = "file";
-    };
+    settings.server = { DOMAIN = "git.xenia.me.uk"; SSH_PORT = 2222; };
     appName = "Gitea";
   };
   networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
@@ -14,7 +11,10 @@
     routers.gitea = { rule = "Host(`git.xenia.me.uk`)"; service = "gitea-websecure"; tls = { certResolver = "default"; }; };
     services.gitea-websecure.loadBalancer.servers = [{ url = "http://localhost:3000"; }];
   };
-  # services.fail2ban.jails.gitea = ''
-  #
-  # '';
+  services.fail2ban.jails.gitea = ''
+    enabled = true
+    filter = sshd
+    ports = 2222
+    backend = systemd
+  '';
 }