Revert "Remove fail2ban"

This reverts commit 1f0e33acc8.
2020-10-16 19:08:49 +01:00 · 2020-10-16 19:08:49 +01:00 · 4890c3d3e5
commit 4890c3d3e5
parent 30baed441e
4 changed files with 40 additions and 0 deletions
--- a/ansible/roles/gateway/files/haproxy-fail2ban-filter.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-filter.conf
@ -0,0 +1,4 @@
+[Definition]
+
+failregex = ^.*haproxy\[[0-9]+\]: <HOST>:.*$
+ignoreregex =
--- a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
@ -0,0 +1,8 @@
+[haproxy]
+enabled  = true
+bantime  = 600
+findtime = 120
+maxretry = 15
+filter   = haproxy-basic
+logpath  = /var/log/haproxy.log
+port     = http,https
--- a/ansible/roles/gateway/tasks/fail2ban.yml
+++ b/ansible/roles/gateway/tasks/fail2ban.yml
@ -0,0 +1,25 @@
+- name: Install fail2ban
+  apt:
+    name: fail2ban
+  become: true
+
+- name: fail2ban filter
+  template:
+    src: files/haproxy-fail2ban-filter.conf
+    dest: /etc/fail2ban/filter.d/haproxy-basic.conf
+  become: true
+  register: fail2ban_filter
+
+- name: fail2ban jail
+  template:
+    src: files/haproxy-fail2ban-jail.conf
+    dest: /etc/fail2ban/jail.d/haproxy.conf
+  become: true
+  register: fail2ban_jail
+
+- name: Restart fail2ban
+  service:
+    name: haproxy
+    state: restarted
+  become: true
+  when: fail2ban_filter.changed or fail2ban_jail.changed
--- a/ansible/roles/gateway/tasks/main.yml
+++ b/ansible/roles/gateway/tasks/main.yml
@ -3,3 +3,6 @@

 - name: Configure wireguard
  include: wireguard.yml
+
+- name: Configure fail2ban
+  include: fail2ban.yml