From f7a0877e72290e44e2a303bd710bf303e718b4d5 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 14 Feb 2021 11:39:01 +0000
Subject: [PATCH] Exclude nebula from fail2ban

---
 ansible/roles/base/files/ssh-jail.conf                 | 2 +-
 ansible/roles/gateway/files/haproxy-fail2ban-jail.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/base/files/ssh-jail.conf b/ansible/roles/base/files/ssh-jail.conf
index f64b9a2..fce4c08 100644
--- a/ansible/roles/base/files/ssh-jail.conf
+++ b/ansible/roles/base/files/ssh-jail.conf
@@ -4,4 +4,4 @@ bantime  = 600
 findtime = 30
 maxretry = 5
 port     = {{ ssh_port }},ssh
-ignoreip = {{ wireguard.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}
diff --git a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
index 5b85518..0292387 100644
--- a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
@@ -7,4 +7,4 @@ filter   = haproxy-basic
 backend  = systemd
 journalmatch = _COMM=haproxy
 port     = http,https
-ignoreip = {{ wireguard.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}