diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix
index cc3147a..9d73f78 100644
--- a/modules/journalwatch.nix
+++ b/modules/journalwatch.nix
@@ -1,4 +1,43 @@
 { config, pkgs, ... }:
+let
+  sshd_filter = ''
+    Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
+    pam_unix\(sshd:session\): session opened for user \S+ by \S+
+    Received disconnect from \S+ port \S+:11: disconnected by user
+    Disconnected from user \S+ \S+ port \S+
+    pam_unix\(sshd:session\): session closed for user \S+
+    #
+    # Somebody evil ...
+    #
+    banner exchange: Connection from \S+ port \S+: invalid format
+    banner exchange: Connection from \S+ port \S+: could not read protocol version
+    Failed keyboard-interactive/pam for invalid user \S+ from \S+ port \S+ ssh2
+    Unable to negotiate with \S+ port \S+: no matching MAC found. Their offer: \S+ \[preauth\]
+    Unable to negotiate with \S+ port \S+: no matching key exchange method found. Their offer: \S+ \[preauth\]
+    Invalid user \S+ from \S+ port \S+
+    Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
+    Disconnected from authenticating user root \S+ port \S+ \[preauth\]
+    Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
+    Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
+    Connection reset by \S+ port \S+ \[preauth\]
+    Connection reset by \S+ port \S+
+    Connection closed by \S+ port \S+
+    Connection closed by \S+ port \S+ \[preauth\]
+    Connection closed by invalid user \S+ \S+ port \S+ \[preauth\]
+    Connection closed by authenticating user root \S+ port \S+ \[preauth\]
+    error: kex_exchange_identification: banner line contains invalid characters
+    error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
+    error: kex_exchange_identification: Connection closed by remote host
+    error: kex_exchange_identification: read: Connection reset by peer
+    error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
+    error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
+    error: PAM: Authentication failure for \S+ from \S+
+    error: PAM: Authentication failure for illegal user \S+ from \S+
+    error: Protocol major versions differ: 2 vs\. 1
+    error: beginning MaxStartups throttling
+    fatal: Timeout before authentication for \S+ port [0-9]+
+  '';
+in
 {
   # Systemd Journal Monitoring.
   # Alternative:
@@ -439,6 +478,10 @@
         '';
         match = "IMAGE_NAME = /mysql:[0-9]+/";
       }
+      {
+        filters = sshd_filter;
+        match = "IMAGE_NAME = gitea/gitea:1";
+      }
       { # yodaNas
         filters = ''
           crond: crond \(busybox \S+\) started, log level [0-9]+
@@ -649,40 +692,7 @@
       # However, sometimes the _SYSTEMD_UNIT field is missing
       #   SYSLOG_IDENTIFIER = sshd
       {
-        filters = ''
-          Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
-          pam_unix\(sshd:session\): session opened for user \S+ by \S+
-          Received disconnect from \S+ port \S+:11: disconnected by user
-          Disconnected from user \S+ \S+ port \S+
-          pam_unix\(sshd:session\): session closed for user \S+
-          #
-          # Somebody evil ...
-          #
-          Failed keyboard-interactive/pam for invalid user \S+ from \S+ port \S+ ssh2
-          Unable to negotiate with \S+ port \S+: no matching MAC found. Their offer: \S+ \[preauth\]
-          Invalid user \S+ from \S+ port \S+
-          Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
-          Disconnected from authenticating user root \S+ port \S+ \[preauth\]
-          Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
-          Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
-          Connection reset by \S+ port \S+ \[preauth\]
-          Connection closed by \S+ port \S+
-          Connection closed by \S+ port \S+ \[preauth\]
-          Connection closed by authenticating user root \S+ port \S+ \[preauth\]
-          error: kex_exchange_identification: banner line contains invalid characters
-          # error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
-          # error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
-          error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
-          error: kex_exchange_identification: Connection closed by remote host
-          error: kex_exchange_identification: read: Connection reset by peer
-          error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
-          error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
-          error: PAM: Authentication failure for \S+ from \S+
-          error: PAM: Authentication failure for illegal user \S+ from \S+
-          error: Protocol major versions differ: 2 vs\. 1
-          error: beginning MaxStartups throttling
-          fatal: Timeout before authentication for \S+ port [0-9]+
-        '';
+        filters = sshd_filter;
         match = "SYSLOG_IDENTIFIER = sshd";
       }