Create initial log files for fail2ban

2022-06-07 00:25:47 -04:00
parent b52ccabd22
commit dd9f84d498
5 changed files with 26 additions and 1 deletions
--- a/roles/bitwarden/defaults/main.yml
+++ b/roles/bitwarden/defaults/main.yml
@@ -1,5 +1,7 @@
 bitwarden_name: bitwarden
 bitwarden_root: "/var/lib/{{ bitwarden_name }}"
+bitwarden_logs_identity: "{{ bitwarden_root }}/bwdata/logs/identity/Identity"
+bitwarden_logs_identity_date: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"
 bitwarden_database: "{{ bitwarden_name }}"
 bitwarden_realips: "172.16.0.0/12"
 bitwarden_standalone: false
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -78,6 +78,18 @@
  register: bitwarden_systemd
  notify: rebuild_bitwarden

+- name: Create Bitwarden's initial logging directory
+  file:
+    path: "{{ bitwarden_logs_identity }}"
+    state: directory
+  register: bitwarden_logs
+
+- name: Create Bitwarden's initial log file
+  file:
+    path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt"
+    state: touch
+  when: bitwarden_logs.changed
+
 - name: Install Bitwarden's Fail2ban jail
  template:
    src: fail2ban-jail.conf.j2
--- a/roles/bitwarden/templates/fail2ban-jail.conf.j2
+++ b/roles/bitwarden/templates/fail2ban-jail.conf.j2
@@ -2,7 +2,7 @@
 [bitwarden]
 enabled = true
 filter = bitwarden
-logpath = /var/lib/bitwarden/bwdata/logs/identity/Identity/*
+logpath = {{ bitwarden_root }}/bwdata/logs/identity/Identity/*
 maxretry = 10
 findtime = 3600
 bantime = 900
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -81,6 +81,16 @@
    dest: "{{ gitea_root }}/.env"
  notify: restart_gitea

+- name: Create Gitea's logging directory
+  file:
+    name: /var/log/gitea
+    state: directory
+
+- name: Create Gitea's initial log file
+  file:
+    name: /var/log/gitea/gitea.log
+    state: touch
+
 - name: Install Gitea's Fail2ban filter
  template:
    src: fail2ban-filter.conf.j2
--- a/roles/gitea/templates/docker-compose.yml.j2
+++ b/roles/gitea/templates/docker-compose.yml.j2
@@ -21,6 +21,7 @@ services:
      - GITEA__database__NAME=${gitea_dbname}
      - GITEA__database__USER=${gitea_dbuser}
      - GITEA__database__PASSWD=${gitea_dbpass}
+      - GITEA__security__INSTALL_LOCK=true
      - GITEA__security__REVERSE_PROXY_LIMIT=${gitea_proxy_limit}
      - GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES=${gitea_trusted_proxies}
      - GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration}