From dd9f84d498b74e5afeda78290107f0aa111aee9e Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Tue, 7 Jun 2022 00:25:47 -0400
Subject: [PATCH] Create initial log files for fail2ban
---
 roles/bitwarden/defaults/main.yml | 2 ++
 roles/bitwarden/tasks/main.yml | 12 ++++++++++++
 roles/bitwarden/templates/fail2ban-jail.conf.j2 | 2 +-
 roles/gitea/tasks/main.yml | 10 ++++++++++
 roles/gitea/templates/docker-compose.yml.j2 | 1 +
 5 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml
index 53d6d92..8e03a1c 100644
--- a/roles/bitwarden/defaults/main.yml
+++ b/roles/bitwarden/defaults/main.yml
@@ -1,5 +1,7 @@
 bitwarden_name: bitwarden
 bitwarden_root: "/var/lib/{{ bitwarden_name }}"
+bitwarden_logs_identity: "{{ bitwarden_root }}/bwdata/logs/identity/Identity"
+bitwarden_logs_identity_date: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"
 bitwarden_database: "{{ bitwarden_name }}"
 bitwarden_realips: "172.16.0.0/12"
 bitwarden_standalone: false
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index eb55576..136a0b0 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -78,6 +78,18 @@
 register: bitwarden_systemd
 notify: rebuild_bitwarden
+- name: Create Bitwarden's initial logging directory
+ file:
+ path: "{{ bitwarden_logs_identity }}"
+ state: directory
+ register: bitwarden_logs
+
+- name: Create Bitwarden's initial log file
+ file:
+ path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt"
+ state: touch
+ when: bitwarden_logs.changed
+
 - name: Install Bitwarden's Fail2ban jail
 template:
 src: fail2ban-jail.conf.j2
diff --git a/roles/bitwarden/templates/fail2ban-jail.conf.j2 b/roles/bitwarden/templates/fail2ban-jail.conf.j2
index 8caa9d2..6e85e00 100644
--- a/roles/bitwarden/templates/fail2ban-jail.conf.j2
+++ b/roles/bitwarden/templates/fail2ban-jail.conf.j2
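Review bot: In roles/bitwarden/defaults/main.yml, `bitwarden_logs_identity_date` is built from `ansible_date_time`, which exists only when facts are gathered and holds the time facts were collected on the target, not the time the task runs. With `gather_facts: false` the variable is undefined, and with fact caching the date can be stale. The jail's `logpath` ends in `Identity/*`, so any file name appears to satisfy it. A comment such as `# only needs to exist so the fail2ban logpath glob matches on first start` would record why the date is there, or a fixed placeholder name would drop the dependency on facts.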
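Review bot: Both new `file` tasks in roles/bitwarden/tasks/main.yml leave `owner`, `group` and `mode` unset, so the `Identity` directory, any parent directories it has to create, and the touched file take the play user's ownership and umask. If that user is root and Bitwarden's identity service writes as another account (not visible in this hunk), the service may be unable to log, and the jail would then watch an empty file and never ban. The log also records failed sign-ins, so it should not be world-readable. Set the three explicitly on both tasks, for example `owner: <bitwarden service user>`, `group: <bitwarden service group>`, `mode: "0750"` (and `"0640"` on the file). The hunk starts inside the preceding task and ends inside the `template` task.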
@@ -2,7 +2,7 @@
 [bitwarden]
 enabled = true
 filter = bitwarden
-logpath = /var/lib/bitwarden/bwdata/logs/identity/Identity/*
+logpath = {{ bitwarden_root }}/bwdata/logs/identity/Identity/*
 maxretry = 10
 findtime = 3600
 bantime = 900
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index 901da5d..02e587c 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -81,6 +81,16 @@
 dest: "{{ gitea_root }}/.env"
 notify: restart_gitea
+- name: Create Gitea's logging directory
+ file:
+ name: /var/log/gitea
+ state: directory
+
+- name: Create Gitea's initial log file
+ file:
+ name: /var/log/gitea/gitea.log
+ state: touch
+
 - name: Install Gitea's Fail2ban filter
 template:
 src: fail2ban-filter.conf.j2
diff --git a/roles/gitea/templates/docker-compose.yml.j2 b/roles/gitea/templates/docker-compose.yml.j2
index 284bfcb..44b27b9 100644
--- a/roles/gitea/templates/docker-compose.yml.j2
+++ b/roles/gitea/templates/docker-compose.yml.j2
@@ -21,6 +21,7 @@ services:
 - GITEA__database__NAME=${gitea_dbname}
 - GITEA__database__USER=${gitea_dbuser}
 - GITEA__database__PASSWD=${gitea_dbpass}
+ - GITEA__security__INSTALL_LOCK=true
 - GITEA__security__REVERSE_PROXY_LIMIT=${gitea_proxy_limit}
 - GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES=${gitea_trusted_proxies}
 - GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration}
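Review bot: The `state: touch` task on `/var/log/gitea/gitea.log` in roles/gitea/tasks/main.yml has no guard, so it rewrites the file's timestamps and reports `changed` on every run, unlike the Bitwarden role, which gates its touch on the directory having just been created. Adding `modification_time: preserve` and `access_time: preserve` makes it idempotent. Neither task sets `owner`, `group` or `mode`; if the Gitea container writes this file as a non-root user (the volume mapping is not in this hunk), a root-owned file would stay empty and the jail would never match. The Bitwarden tasks use `path:` where these use the `name:` alias, so `path:` in both would keep the roles consistent.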
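Review bot: `GITEA__security__INSTALL_LOCK=true` in roles/gitea/templates/docker-compose.yml.j2 closes the web installer, and the visible environment lines set no `GITEA__security__SECRET_KEY`. Depending on the Gitea version, an unset `SECRET_KEY` may fall back to a built-in default once the installer is skipped, so confirm it is supplied elsewhere in this template or in the `.env` file. The value is also hard-coded while its neighbours come from `${...}` variables. A comment such as `# installer stays locked; instance secrets must come from .env` would document that this is deliberate.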