more fail2ban config options

README.md

@@ -107,7 +107,13 @@ The following have been tested with Debian 8, it should work on Ubuntu as well.
 
 ### Fail2Ban configuration
 
+If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/). Fail2ban has to be already installed.
+
 * `gitea_fail2ban_enabled`: Wether to deploy the fail2ban config snippets
+* `gitea_fail2ban_jail_maxretry`: fail2ban jail `maxretry` setting. Default: `10`
+* `gitea_fail2ban_jail_findtime`: fail2ban jail `findtime` setting. Default: `3600`
+* `gitea_fail2ban_jail_bantime`: fail2ban jail `bantime` setting. Default: `900`
+* `gitea_fail2ban_jail_action`: fail2ban jail `action` setting. Default: `iptables-allports`
 
 ## Disclaimer
 This module is currently a work in progress. For now it is only able to install

defaults/main.yml

@@ -42,3 +42,8 @@ gitea_mailer_host:    localhost:25
 gitea_mailer_from:    noreply@your.domain
 
 gitea_fail2ban_enabled: false
+gitea_fail2ban_jail_maxretry: 10
+gitea_fail2ban_jail_findtime: 3600
+gitea_fail2ban_jail_bantime: 900
+gitea_fail2ban_jail_action: iptables-allports
+

templates/fail2ban/jail.conf.j2

@@ -3,7 +3,7 @@ enabled = true
 port = http,https
 filter = gitea
 logpath = {{ gitea_home }}/log/gitea.log
-maxretry = 10
-findtime = 3600
-bantime = 900
-action = ufw
+maxretry = {{ gitea_fail2ban_jail_maxretry }}
+findtime = {{ gitea_fail2ban_jail_findtime }}
+bantime = {{ gitea_fail2ban_jail_bantime }}
+action = {{ gitea_fail2ban_jail_action }}