Add Fail2ban to Gitea and Bitwarden

roles/bitwarden/tasks/main.yml

@@ -78,6 +78,12 @@
   register: bitwarden_systemd
   notify: rebuild_bitwarden
 
+- name: Install Bitwarden's Fail2ban jail
+  template:
+    src: fail2ban-jail.conf.j2
+    dest: /etc/fail2ban/jail.d/bitwarden.conf
+  notify: restart_fail2ban
+
 - name: Reload systemd manager configuration
   systemd:
     daemon_reload: true

roles/bitwarden/templates/fail2ban-jail.conf.j2

@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+[bitwarden]
+enabled = true
+filter = bitwarden
+logpath = /var/lib/bitwarden/bwdata/logs/identity/Identity/*
+maxretry = 10
+findtime = 3600
+bantime = 900
+action = iptables-allports