kris/homelab
kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Create initial log files for fail2ban

Browse Source
This commit is contained in:
Kris Lamoureux 2022-06-07 00:25:47 -04:00
parent b52ccabd22
commit dd9f84d498
Signed by: kris
GPG Key ID: 3EDA9C3441EDA925
5 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/bitwarden/defaults/main.yml
View File

@ -1,5 +1,7 @@
bitwarden_name: bitwarden bitwarden_name: bitwarden
bitwarden_root: "/var/lib/{{ bitwarden_name }}" bitwarden_root: "/var/lib/{{ bitwarden_name }}"
bitwarden_logs_identity: "{{ bitwarden_root }}/bwdata/logs/identity/Identity"
bitwarden_logs_identity_date: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"
bitwarden_database: "{{ bitwarden_name }}" bitwarden_database: "{{ bitwarden_name }}"
bitwarden_realips: "172.16.0.0/12" bitwarden_realips: "172.16.0.0/12"
bitwarden_standalone: false bitwarden_standalone: false

12
roles/bitwarden/tasks/main.yml
View File

@ -78,6 +78,18 @@
register: bitwarden_systemd register: bitwarden_systemd
notify: rebuild_bitwarden notify: rebuild_bitwarden
- name: Create Bitwarden's initial logging directory
file:
path: "{{ bitwarden_logs_identity }}"
state: directory
register: bitwarden_logs
- name: Create Bitwarden's initial log file
file:
path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt"
state: touch
when: bitwarden_logs.changed
- name: Install Bitwarden's Fail2ban jail - name: Install Bitwarden's Fail2ban jail
template: template:
src: fail2ban-jail.conf.j2 src: fail2ban-jail.conf.j2

2
roles/bitwarden/templates/fail2ban-jail.conf.j2
View File

@ -2,7 +2,7 @@
[bitwarden] [bitwarden]
enabled = true enabled = true
filter = bitwarden filter = bitwarden
logpath = /var/lib/bitwarden/bwdata/logs/identity/Identity/* logpath = {{ bitwarden_root }}/bwdata/logs/identity/Identity/*
maxretry = 10 maxretry = 10
findtime = 3600 findtime = 3600
bantime = 900 bantime = 900

10
roles/gitea/tasks/main.yml
View File

@ -81,6 +81,16 @@
dest: "{{ gitea_root }}/.env" dest: "{{ gitea_root }}/.env"
notify: restart_gitea notify: restart_gitea
- name: Create Gitea's logging directory
file:
name: /var/log/gitea
state: directory
- name: Create Gitea's initial log file
file:
name: /var/log/gitea/gitea.log
state: touch
- name: Install Gitea's Fail2ban filter - name: Install Gitea's Fail2ban filter
template: template:
src: fail2ban-filter.conf.j2 src: fail2ban-filter.conf.j2

1
roles/gitea/templates/docker-compose.yml.j2
View File

@ -21,6 +21,7 @@ services:
- GITEA__database__NAME=${gitea_dbname} - GITEA__database__NAME=${gitea_dbname}
- GITEA__database__USER=${gitea_dbuser} - GITEA__database__USER=${gitea_dbuser}
- GITEA__database__PASSWD=${gitea_dbpass} - GITEA__database__PASSWD=${gitea_dbpass}
- GITEA__security__INSTALL_LOCK=true
- GITEA__security__REVERSE_PROXY_LIMIT=${gitea_proxy_limit} - GITEA__security__REVERSE_PROXY_LIMIT=${gitea_proxy_limit}
- GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES=${gitea_trusted_proxies} - GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES=${gitea_trusted_proxies}
- GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration} - GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration}