From 4db474034eb33866a5e3bf10a9004ae3e2387f18 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 27 Sep 2021 14:49:56 +0100
Subject: [PATCH] Ignore my VMs from a fail2ban
---
 ansible/group_vars/all/hosts.yml | 3 +++
 ansible/roles/gateway/files/nginx-fail2ban-jail.conf | 4 ++--
 ansible/roles/traefik/files/fail2ban/traefik-jail.conf | 2 +-
 terraform/context.tf | 5 ++++-
 4 files changed, 10 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 ansible/group_vars/all/hosts.yml
diff --git a/ansible/group_vars/all/hosts.yml b/ansible/group_vars/all/hosts.yml
old mode 100644
new mode 100755
index f0765ed..c21acec
--- a/ansible/group_vars/all/hosts.yml
+++ b/ansible/group_vars/all/hosts.yml
@@ -1,2 +1,5 @@
 "hosts":
 "casey_ip": "108.61.221.88"
+ "decker_ip": "95.179.184.22"
+ "grimes_ip": "104.238.172.209"
+ "walker_ip": "192.248.168.230"
diff --git a/ansible/roles/gateway/files/nginx-fail2ban-jail.conf b/ansible/roles/gateway/files/nginx-fail2ban-jail.conf
index 57ae5a4..d518fdd 100644
--- a/ansible/roles/gateway/files/nginx-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/nginx-fail2ban-jail.conf
@@ -6,9 +6,9 @@ maxretry = 100
 filter = nginx-tcp
 logpath = /var/log/nginx/ips.log
 port = http,https,8448
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}

 [traefik]
 enabled = true
 port = http,https,8448
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
diff --git a/ansible/roles/traefik/files/fail2ban/traefik-jail.conf b/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
index 9e3c0aa..83118bc 100644
--- a/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
+++ b/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
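Review bot: The `ignoreip` additions in both jails of `nginx-fail2ban-jail.conf` expand to every value in the `hosts` dict, so anything later written into `hosts.yml` is exempted from banning without this file being touched, and unlike the three CIDR variables already listed (which by their names look like private or overlay ranges) these entries are public addresses. I would select the keys explicitly, e.g. `{{ hosts | dict2items | selectattr("key", "match", ".*_ip$") | map(attribute="value") | sort | join(",") }}`, and add a comment above the line such as `# hosts.*_ip: public IPs of our own VMs (generated by terraform/context.tf); redeploy after any VM rebuild so a released address is not left exempt`. The same expression is added in `traefik-jail.conf`, where `maxretry = 5` makes the exemption matter more. Both jail sections start above the hunk, so the exact comment placement is a guess.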
@@ -6,5 +6,5 @@ maxretry = 5
 filter = traefik
 logpath = /tmp/traefik-logs/access.log
 port = http,https
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
 action = gateway
diff --git a/terraform/context.tf b/terraform/context.tf
index b9393bf..6253795 100644
--- a/terraform/context.tf
+++ b/terraform/context.tf
@@ -1,7 +1,10 @@
 resource "local_file" "hosts" {
 content = yamlencode({
 hosts : {
- casey_ip : vultr_instance.casey.main_ip
+ casey_ip : vultr_instance.casey.main_ip,
+ walker_ip : vultr_instance.walker.main_ip,
+ grimes_ip : vultr_instance.grimes.main_ip,
+ decker_ip : vultr_instance.decker.main_ip,
 }
 })
 filename = "${path.module}/../ansible/group_vars/all/hosts.yml"
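Review bot: `local_file.hosts` sets no `file_permission`, and the provider's default of `0777` is probably why this commit also flips `ansible/group_vars/all/hosts.yml` from 100644 to 100755; adding `file_permission = "0644"` after `filename` keeps the generated vars file non-executable. Since these addresses now feed the fail2ban `ignoreip` lists, a comment above `content` such as `# every value here is exempted from fail2ban bans in the gateway and traefik jails` would tell the next editor what adding an entry implies. The resource's closing brace lies outside the hunk.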