1 files changed, 41 insertions, 0 deletions

diff --git a/sys/gitea/default.nix b/sys/gitea/default.nix
new file mode 100644
index 0000000..212b9f1
--- /dev/null
+++ b/sys/gitea/default.nix
@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.local.gitea;
+in {
+  options.local.gitea = {
+    enable = mkEnableOption "gitea";
+  };
+
+  config = mkIf cfg.enable {
+    environment.etc."fail2ban/filter.d/gitea.local".text = ''
+      [Definition]
+      failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+      ignoreregex =
+    '';
+
+    services = {
+      fail2ban.jails.gitea.settings = {
+        filter = "gitea";
+        logpath = "${config.services.gitea.stateDir}/log/gitea.log";
+        maxretry = "10";
+        findtime = "3600";
+        bantime = "900";
+        action = "iptables-allports";
+      };
+
+      gitea = {
+        enable = true;
+        useWizard = true;
+      };
+    };
+
+    users = {
+      users.gitea.uid = 962;
+      groups.gitea.gid = 962;
+    };
+  };
+}