Extend fail2ban config for gitea

2023-05-16 11:31:36 +01:00 · 2023-05-16 11:31:36 +01:00 · a5acf870fe
parent 45eb1526dc
commit a5acf870fe
1 changed files with 7 additions and 7 deletions
--- a/server/gitea.nix
+++ b/server/gitea.nix
@ -3,10 +3,7 @@
  imports = [ ./traefik.nix ./fail2ban.nix ];
  services.gitea = {
    enable = true;
-    settings = {
-      server = { DOMAIN = "git.xenia.me.uk"; SSH_PORT = 2222; };
-      log.MODE = "file";
-    };
+    settings.server = { DOMAIN = "git.xenia.me.uk"; SSH_PORT = 2222; };
    appName = "Gitea";
  };
  networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
@ -14,7 +11,10 @@
    routers.gitea = { rule = "Host(`git.xenia.me.uk`)"; service = "gitea-websecure"; tls = { certResolver = "default"; }; };
    services.gitea-websecure.loadBalancer.servers = [{ url = "http://localhost:3000"; }];
  };
-  # services.fail2ban.jails.gitea = ''
-  #
-  # '';
+  services.fail2ban.jails.gitea = ''
+    enabled = true
+    filter = sshd
+    ports = 2222
+    backend = systemd
+  '';
 }