adds support for optional deployment of fail2ban jail
parent
de4e7fa6e8
commit
11374216ac
7 changed files with 46 additions and 0 deletions
|
@ -105,6 +105,10 @@ The following have been tested with Debian 8, it should work on Ubuntu as well.
|
|||
* `gitea_mailer_host`: SMTP server hostname and port
|
||||
* `gitea_mailer_from`: Sender mail address
|
||||
|
||||
### Fail2Ban configuration
|
||||
|
||||
* `gitea_install_fail2ban_config`: Wether to deploy the fail2ban config snippets
|
||||
|
||||
## Disclaimer
|
||||
This module is currently a work in progress. For now it is only able to install
|
||||
gitea from the Github Release, in a fixed version for Linux amd64, on systems
|
||||
|
|
|
@ -40,3 +40,5 @@ gitea_mailer_enabled: false
|
|||
gitea_mailer_skip_verify: true
|
||||
gitea_mailer_host: localhost:25
|
||||
gitea_mailer_from: noreply@your.domain
|
||||
|
||||
gitea_install_fail2ban_config: false
|
||||
|
|
|
@ -3,3 +3,9 @@
|
|||
|
||||
- name: "Reload systemd"
|
||||
shell: "systemctl daemon-reload"
|
||||
|
||||
- name: "Restart fail2ban"
|
||||
service:
|
||||
name: fail2ban
|
||||
state: restarted
|
||||
|
||||
|
|
18
tasks/fail2ban.yaml
Normal file
18
tasks/fail2ban.yaml
Normal file
|
@ -0,0 +1,18 @@
|
|||
- name: install fail2ban filter
|
||||
template:
|
||||
src: fail2ban/filter.conf.j2
|
||||
dest: /etc/fail2ban/filter.d/gitea.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: Restart fail2ban
|
||||
|
||||
- name: install fail2ban jail
|
||||
template:
|
||||
src: fail2ban/jail.conf.j2
|
||||
dest: /etc/fail2ban/jail.d/gitea.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: Restart fail2ban
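Review bot: Both template tasks write into `/etc/fail2ban/filter.d` and `/etc/fail2ban/jail.d`, but nothing in this file makes sure fail2ban is installed. On a host without the package the role would presumably fail on the missing directory, or the operator would believe a jail is active when nothing enforces it. A package task ahead of the two templates, or a stated prerequisite in the README, would close that gap. As a smaller point, `mode: 0444` is safer written as the quoted string `mode: "0444"` so the value does not depend on how YAML parses a leading-zero number.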
|
||||
|
|
@ -41,3 +41,6 @@
|
|||
name: gitea
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- include: fail2ban.yml
|
||||
when: gitea_install_fail2ban_config
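Review bot: The added `- include: fail2ban.yml` does not match the task file this commit creates, which the page lists as `tasks/fail2ban.yaml`. With `gitea_install_fail2ban_config` set to true the include would presumably fail to find its file. Either rename the new file or change the line to `- include: fail2ban.yaml`. Because the default is false, the break only shows up once someone opts in, which is exactly when the brute-force protection is wanted. The file this hunk belongs to is not named on the page.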
|
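--- a/templates/fail2ban/filter.conf.j2
+++ b/templates/fail2ban/filter.conf.j2
@@ -0,0 +1,4 @@
+# Managed by Ansible
+[Definition]
+failregex = .*Failed authentication attempt for .* from <HOST>
+ignoreregex =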
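Review bot: The `failregex` is unanchored and puts a greedy `.*` directly in front of ` from <HOST>`, in the position where the attempted login name is logged. fail2ban's filter guidance is to anchor expressions and keep wildcards away from `<HOST>`, because client-supplied text in a log line can otherwise influence which address is extracted and banned. Pinning the address to the end of the line, for example `failregex = ^.*Failed authentication attempt for .* from <HOST>\s*$`, would be tighter. The exact Gitea log line format is not shown on this page, so the pattern should be checked against a real log with `fail2ban-regex` before it is relied on.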
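--- a/templates/fail2ban/jail.conf.j2
+++ b/templates/fail2ban/jail.conf.j2
@@ -0,0 +1,9 @@
+[gitea]
+enabled = true
+port = http,https
+filter = gitea
+logpath = {{ gitea_home }}/log/gitea.log
+maxretry = 10
+findtime = 3600
+bantime = 900
+action = ufw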
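Review bot: `action = ufw` and `port = http,https` are hard-coded, so the jail only protects hosts where ufw is installed and active and where Gitea is reached on ports 80/443. Nothing in this commit establishes either condition. If Gitea is reached directly on its own HTTP port the ban would miss that traffic, and if it sits behind a reverse proxy the log may carry the proxy's address, so the ban could hit the proxy instead of the client. Consider exposing the action and port as role variables with the current values as defaults, and documenting the ufw requirement next to `gitea_install_fail2ban_config` in the README. The template also lacks the `# Managed by Ansible` header that the filter template carries.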