ansible/roles/base/templates/jail.local.j2
ilia e897b1a027
Fix: Resolve linting errors and improve firewall configuration (#2)
- Fix UFW firewall to allow outbound traffic (was blocking all outbound)
- Add HOST parameter support to shell Makefile target
- Fix all ansible-lint errors (trailing spaces, missing newlines, document starts)
- Add changed_when: false to check commands
- Fix variable naming (vault_devGPU -> vault_devgpu)
- Update .ansible-lint config to exclude .gitea/ and allow strategy: free
- Fix NodeSource repository GPG key handling in shell playbook
- Add missing document starts to host_vars files
- Clean up empty lines in datascience role files

Reviewed-on: #2
2025-12-25 16:47:26 -05:00

38 lines
881 B
Django/Jinja

[DEFAULT]
# Ban hosts for 1 hour
bantime = 3600
# Check for repeated failures for 10 minutes
findtime = 600
# Allow 3 failures before banning
maxretry = 3
# Email notifications (configured via fail2ban_destemail variable)
{% if fail2ban_destemail | default('') | length > 0 %}
destemail = {{ fail2ban_destemail }}
sender = {{ fail2ban_sender | default(fail2ban_destemail) }}
action = {{ fail2ban_action | default('%(action_mwl)s') }}
{% else %}
# Email notifications disabled (set fail2ban_destemail in group_vars/all/main.yml to enable)
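{% endif %}

# SSH jail: bans hosts with repeated authentication failures in auth.log
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

# Apache authentication failures (jail disabled)
[apache]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache2/error.log
maxretry = 3

# nginx HTTP basic-auth failures (jail disabled)
[nginx-http-auth]
enabled = false
port = http,https
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
maxretry = 3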