fail2ban banning works now

services/fail2ban.nix

@@ -28,23 +28,44 @@
       jellyfin = lib.mkIf config.services.jellyfin.enable {
         settings = {
           filter = "jellyfin";
-          backend = "auto";
+          backend = "systemd";
           enabled = true;
-          port = "8096,8920";
-          maxretry = 3;
-          bantime = 86400;
-          findtime = 43200;
-          logpath = "/var/lib/jellyfin/log/*.log";
+          port = "80,443";
+          maxretry = 8;
+          bantime = "24h";
+          findtime = "30m";
+          journalmatch = "_SYSTEMD_UNIT=jellyfin.service";
+          # logpath = "/var/lib/jellyfin/log/*.log";
+        };
+      };
+
+      forgejo = lib.mkIf config.services.forgejo.enable {
+        settings = {
+          filter = "forgejo";
+          backend = "systemd";
+          enabled = true;
+          port = "80,443";
+          maxretry = 8;
+          bantime = "24h";
+          findtime = "30m";
+          journalmatch = "_SYSTEMD_UNIT=forgejo.service";
+          # logpath = "/var/lib/forgejo/log/*.log";
         };
       };
     };
   };
 
   environment.etc = {
+    # Jellyfin
     "fail2ban/filter.d/jellyfin.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
       [Definition]
       failregex = ^.*Authentication request for .* has been denied \(IP: <ADDR>\)\.
     '');
+    # Forgejo
+    "fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+      [Definition]
+      failregex = ^.*Failed authentication attempt for .* from <ADDR>.*$
+    '');
     # Defines a filter that detects URL probing by reading the Nginx access log
     "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
       [Definition]

services/forgejo.nix

@@ -17,11 +17,6 @@ in {
         ENABLE_PUSH_CREATE_USER = true;
       };
 
-      log = {
-        MODE = "file";
-        LEVEL = "info";
-      };
-
       server = {
         DOMAIN = "git.spoodythe.one";
         HTTP_PORT = port;