feat(dgn-firewall): Ban f*cking AI crawlers again

modules/nixos/dgn-firewall/default.nix

@@ -86,9 +86,12 @@ in
 
       stop = [ (nft "delete table inet reaction") ];
 
-      streams = {
-        inherit (streams') ssh;
-      } // (optionalAttrs config.services.nginx.enable { inherit (streams') ai-crawlers; });
+      streams =
+        {
+          inherit (streams') ssh;
+        }
+        // (optionalAttrs config.services.nginx.enable { inherit (streams') ai-crawlers; })
+        // (optionalAttrs config.services.forgejo.enable { inherit (streams') forgejo-slow-crawlers; });
     };
   };
 }

modules/nixos/dgn-firewall/streams.nix

@@ -63,6 +63,18 @@ in
     };
   };
 
+  forgejo-slow-crawlers = {
+    cmd = journalctl "forgejo";
+    filters.slowness = {
+      regex = [
+        "router: slow .* GET /.* for <ip>:0, elapsed .*"
+      ];
+      actions = ban "72h";
+      retry = 15;
+      retryPeriod = "2h";
+    };
+  };
+
   ssh = {
     cmd = journalctl "sshd";