From 559efa281fc9855b5e7f0f86da79906ae4861bc3 Mon Sep 17 00:00:00 2001
From: Mathias Merscher
Date: Sat, 9 Mar 2019 21:46:23 +0100
Subject: [PATCH] more fail2ban config options
---
 README.md | 6 ++++++
 defaults/main.yml | 5 +++++
 templates/fail2ban/jail.conf.j2 | 8 ++++----
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index e3283cc..90e8867 100644
--- a/README.md
+++ b/README.md
@@ -107,7 +107,13 @@ The following have been tested with Debian 8, it should work on Ubuntu as well.
 ### Fail2Ban configuration
+If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/). Fail2ban has to be already installed.
+
 * `gitea_fail2ban_enabled`: Wether to deploy the fail2ban config snippets
+* `gitea_fail2ban_jail_maxretry`: fail2ban jail `maxretry` setting. Default: `10`
+* `gitea_fail2ban_jail_findtime`: fail2ban jail `findtime` setting. Default: `3600`
+* `gitea_fail2ban_jail_bantime`: fail2ban jail `bantime` setting. Default: `900`
+* `gitea_fail2ban_jail_action`: fail2ban jail `action` setting. Default: `iptables-allports`
 ## Disclaimer
 This module is currently a work in progress. For now it is only able to install
diff --git a/defaults/main.yml b/defaults/main.yml
index 1e00988..913cd82 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -42,3 +42,8 @@ gitea_mailer_host: localhost:25
 gitea_mailer_from: noreply@your.domain
 gitea_fail2ban_enabled: false
+gitea_fail2ban_jail_maxretry: 10
+gitea_fail2ban_jail_findtime: 3600
+gitea_fail2ban_jail_bantime: 900
+gitea_fail2ban_jail_action: iptables-allports
+
diff --git a/templates/fail2ban/jail.conf.j2 b/templates/fail2ban/jail.conf.j2
index c6149fb..92d5fc9 100644
--- a/templates/fail2ban/jail.conf.j2
+++ b/templates/fail2ban/jail.conf.j2
@@ -3,7 +3,7 @@ enabled = true
 port = http,https
 filter = gitea
 logpath = {{ gitea_home }}/log/gitea.log
-maxretry = 10
-findtime = 3600
-bantime = 900
-action = ufw
+maxretry = {{ gitea_fail2ban_jail_maxretry }}
+findtime = {{ gitea_fail2ban_jail_findtime }}
+bantime = {{ gitea_fail2ban_jail_bantime }}
+action = {{ gitea_fail2ban_jail_action }}
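Review bot: The last added line silently changes the ban action for every deployment that does not set `gitea_fail2ban_jail_action`: the template used to hard-code `action = ufw`, while the new default in defaults/main.yml is `iptables-allports`. On a host whose firewall is managed through ufw, or where that iptables action is not usable, bans may no longer be applied as before, which would leave Gitea logins without the expected brute-force throttling. Either keep the previous behaviour as the default (`gitea_fail2ban_jail_action: ufw`) or state the change explicitly in the README entry for that variable. The three numeric values are also rendered unchecked, so a comment in defaults/main.yml such as `# seconds, positive integer` on `findtime` and `bantime` would help; an empty value would presumably produce a jail file fail2ban rejects. The jail's section header sits above this hunk and is not visible here.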