Setup fail2ban for gitea

roles/gitea-fail2ban/files/gitea-filter.conf

@@ -0,0 +1,5 @@
+# Fail2ban gitea filter
+
+[Definition]
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+ignoreregex =

roles/gitea-fail2ban/files/gitea-jail.conf

@@ -0,0 +1,8 @@
+[gitea]
+enabled = true
+filter = gitea
+logpath = /var/lib/gitea/log/gitea.log
+maxretry = 10
+findtime = 3600
+bantime = 900
+action = iptables-allports

roles/gitea-fail2ban/tasks/main.yml

@@ -1,2 +1,20 @@
 ---
-# TODO: https://docs.gitea.io/en-us/fail2ban-setup/
+- name: Copy fail2ban filter
+  become: true
+  copy:
+    src: gitea-filter.conf
+    dest: /etc/fail2ban/filter.d/gitea.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart fail2ban service
+
+- name: Copy fail2ban jail
+  become: true
+  copy:
+    src: gitea-jail.conf
+    dest: /etc/fail2ban/jail.d/gitea.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart fail2ban service