I ended up building it myself, which may be the best option if you want to use other plugins. I have it set up in my own Forgejo with a CI configuration to auto build the binary and docker image. Forgejo let’s you also host container images, so I can just pull from the latest build wherever I need it.

Both those tools analyze service logs for suspicious activity and block based on patterns. If you aren’t hosting anything externally, they probably aren’t doing anything.

Crowdsec is probably more effective than fail2ban overall, but both are only part of a defense in depth strategy and are really last resort protection.