From ff925709371bb8ff1c465856ab156727b88f02ee Mon Sep 17 00:00:00 2001
From: ytshih
Date: Mon, 28 Jul 2025 11:20:11 +0800
Subject: [PATCH] Init: bootstrap package
---
.gitea/workflows/build.yml | 15 +++++++++++++++
PKGBUILD | 25 +++++++++++++++++++++++++
hl-workstation-env.install | 7 +++++++
jail.local | 10 ++++++++++
ssh-jail.local | 3 +++
5 files changed, 60 insertions(+)
create mode 100644 .gitea/workflows/build.yml
create mode 100644 PKGBUILD
create mode 100644 hl-workstation-env.install
create mode 100644 jail.local
create mode 100644 ssh-jail.local
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
new file mode 100644
index 0000000..6b909f7
--- /dev/null
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,15 @@
+name: Build package
+on: [push]
+
+jobs:
+ build-package:
+ runs-on: pkgbuilder
+ env:
+ steps:
+ - name: Build and push package
+ uses: https://gitea.konchin.com/action/archbuild@main
+ with:
+ minio-accesskey: ${{ secrets.MINIO_ACCESSKEY }}
+ minio-secretkey: ${{ secrets.MINIO_SECRETKEY }}
+ gpg-password: ${{ secrets.GPG_PASSWORD }}
+ gpg-keygrip: ${{ secrets.GPG_KEYGRIP }}
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 0000000..8bed7df
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Yi-Ting Shih
+pkgname=hl-workstation-env
+pkgver=0.0.1
+pkgrel=1
+pkgdesc="Workstation environment for konchin.com homelab"
+arch=(any)
+url="https://gitea.konchin.com/package/hl-workstation-env"
+license=('0BSD')
+depends=(
+ 'fail2ban'
+)
+install="$pkgname.install"
+source=(
+ 'jail.local'
+ 'ssh-jail.local'
+)
+
+package() {
+ cd "$srcdir"
+
+ install -Dm644 'jail.local' "$pkgdir/etc/fail2ban/jail.local"
+ install -Dm644 'ssh-jail.local' "$pkgdir/etc/fail2ban/jail.d/ssh-jail.local"
+}
+sha256sums=('654de70aeeae86e663454cd7bd68dacab1b99cb386b5c587140a37f6596509a5'
+ '68b256ad918cdd6c088f24f2413867e34313e755611be5ef7a0105b985b28bea')
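Review bot: In .gitea/workflows/build.yml the step `uses: https://gitea.konchin.com/action/archbuild@main` follows a moving branch while it receives the MinIO keys and the GPG signing password and keygrip, so any later push to that action's `main` runs with the package-signing credentials. Pin the reference to a reviewed revision, e.g. `uses: https://gitea.konchin.com/action/archbuild@<full-commit-sha>` (placeholder), and bump it deliberately. `on: [push]` also fires for every branch, so the signing job runs on pushes that have not been reviewed; restricting the trigger to the release branch would narrow that. The bare `env:` key parses as null and can be dropped.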
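Review bot: In PKGBUILD, `package()` installs `/etc/fail2ban/jail.local` and the `jail.d` drop-in without a `backup=()` array, so pacman overwrites any local edit (for example a changed `ignoreip` or ban time) on upgrade instead of writing a `.pacnew`. Add `backup=('etc/fail2ban/jail.local' 'etc/fail2ban/jail.d/ssh-jail.local')`. Because `jail.local` is the path administrators conventionally create by hand, installation may also hit a file conflict on hosts that already have one; shipping both files under `jail.d/` would avoid that. As a style point, `sha256sums` normally sits directly after `source` rather than after `package()`.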
diff --git a/hl-workstation-env.install b/hl-workstation-env.install
new file mode 100644
index 0000000..defcb29
--- /dev/null
+++ b/hl-workstation-env.install
@@ -0,0 +1,7 @@
+post_install() {
+ systemctl restart fail2ban.service || true
+}
+
+post_upgrade() {
+ systemctl restart fail2ban.service || true
+}
diff --git a/jail.local b/jail.local
new file mode 100644
index 0000000..5fc5768
--- /dev/null
+++ b/jail.local
@@ -0,0 +1,10 @@
+[DEFAULT]
+
+ignoreip = 127.0.0.0/8 172.20.0.0/16 140.113.168.105/32
+banaction = nftables
+banaction_allports = nftables[type=allports]
+bantime.increment = true
+backend = systemd
+maxretry = 3
+findtime = 5m
+bantime = 30d
diff --git a/ssh-jail.local b/ssh-jail.local
new file mode 100644
index 0000000..b4929c2
--- /dev/null
+++ b/ssh-jail.local
@@ -0,0 +1,3 @@
+[sshd]
+enabled = true
+filter = sshd
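Review bot: Both `post_install()` and `post_upgrade()` in hl-workstation-env.install discard the result of `systemctl restart fail2ban.service` with `|| true`, so a jail file that fail2ban rejects leaves the host without bans and the install gives no sign of it. Keep the hook non-fatal but report the failure, e.g. `systemctl restart fail2ban.service || echo 'warning: fail2ban did not restart; run fail2ban-client -t' >&2`. The hooks also only restart the unit; nothing visible in this patch enables it, so whether it comes back after a reboot depends on setup outside this package.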
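Review bot: The `ignoreip` line in jail.local exempts the whole `172.20.0.0/16` range and one public address from every jail, so repeated failed logins from any host in those ranges are never rate-limited by fail2ban. The file should record why each entry is trusted, e.g. a comment above the line such as `# 172.20.0.0/16: <which network>; 140.113.168.105: <which host>` (placeholders), and the range should be as narrow as the real admin sources. `::1` is not listed, so IPv6 loopback is not exempt the way `127.0.0.0/8` is. With `bantime = 30d`, `bantime.increment = true` and no `bantime.maxtime`, repeat bans grow from an already long base; setting a cap makes the upper bound explicit.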