server: fail2ban: add gitea

hosts/configuration_server.nix

@@ -13,6 +13,8 @@
 { config, lib, pkgs, inputs, user, location, agenix, ... }:
 
 {
+
+
   imports =                                 # Import window or display manager.
     [
      #../modules/editors/nvim              # ! Comment this out on first install !
@@ -72,6 +74,8 @@
       TERMINAL = "alacritty";
       EDITOR = "nvim";
       VISUAL = "nvim";
+      etc = {
+        "etc/fail2ban/filter.d/gitea.conf".source = ../modules/services/server/fail2ban/filter/gitea.conf;
     };
     systemPackages = with pkgs; [           # Default packages install system-wide
       vim
@@ -107,6 +111,19 @@
     };
     fail2ban = {
         enable = true;
+        maxretry = 5;
+        jails = {
+            gitea = ''
+              enabled = true
+              filter = gitea
+              backend = systemd
+              maxretry = 10
+              findtime = 3600
+              bantime = 900
+              action = iptables-allports
+              filter = gitea
+            '';
+          };
     };
 
     #flatpak.enable = true;                  # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up

modules/services/server/fail2ban/filter/gitea.conf

@@ -0,0 +1,3 @@
+[Definition]
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+ignoreregex =