infrastructure/ansible/roles/gateway/files/nginx-fail2ban-jail.conf

[nginx]
enabled  = true
bantime  = 600
findtime = 10
maxretry = 100
filter   = nginx-tcp
logpath  = /var/log/nginx/ips.log
port     = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}

[traefik]
enabled = true
port     = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}