mmckinnon/homelab
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

chore: turn off fail2ban
All checks were successful
Deploy / Prepare Build (push) Successful in 34s
Details

Browse Source
This commit is contained in:
Matthew McKinnon
2025-09-22 20:24:26 +10:00
parent 49fc1ba3e4
commit c1647aa3fa
1 changed files with 33 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
main.yml
View File

@ -15,42 +15,46 @@
file: file:
path: "/data" path: "/data"
state: directory state: directory
tags: base_install
- name: Setup base system - name: Setup base system
import_tasks: tasks/base.yml import_tasks: tasks/base.yml
tags: base_install
roles: roles:
- role: geerlingguy.docker - role: geerlingguy.docker
docker_users: docker_users:
- administrator - administrator
# - role: grzegorzfranus.fail2ban tags: base_install
# vars: - role: grzegorzfranus.fail2ban
# fail2ban_ignoreip: vars:
# - 127.0.0.1/8 # loopback fail2ban_ignoreip:
# - 10.0.0.0/8 # Private - 127.0.0.1/8 # loopback
# - 172.16.0.0/12 # Private - 10.0.0.0/8 # Private
# - 192.168.0.0/16 # Private - 172.16.0.0/12 # Private
# - 169.254.0.0/16 # link-local / APIPA - 192.168.0.0/16 # Private
# - 100.64.0.0/10 # CGNAT - 169.254.0.0/16 # link-local / APIPA
# - 203.0.113.0/24 # TEST-NETs - 100.64.0.0/10 # CGNAT
# - 192.0.2.0/24 # TEST-NETs - 203.0.113.0/24 # TEST-NETs
# - 198.51.100.0/24 # TEST-NETs - 192.0.2.0/24 # TEST-NETs
# - ::1 # ULA - fc00::/7 # Private - 198.51.100.0/24 # TEST-NETs
# - fe80::/10 # Private - ::1 # ULA - fc00::/7 # Private
# fail2ban_bantime: "1h" - fe80::/10 # Private
# fail2ban_findtime: "30m" fail2ban_bantime: "1h"
# fail2ban_maxretry: 3 fail2ban_findtime: "30m"
# fail2ban_custom_jail_files: fail2ban_maxretry: 3
# - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf fail2ban_custom_jail_files:
# content: | - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf
# [sshd-strict] content: |
# enabled = true [sshd-strict]
# filter = sshd enabled = true
# port = ssh filter = sshd
# logpath = journal port = ssh
# backend = systemd logpath = journal
# maxretry = 3 backend = systemd
# bantime = 3600 maxretry = 3
# findtime = 300 bantime = 3600
findtime = 300
tags: base_install
tags: base_install tags: base_install