Verified Commit 992f81d7 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧

By default enable the sshd jail for fail2ban

For all hosts we want a working fail2ban against sshd brute-force
attempts, configured through group_vars/all. Some hosts need an
override to enable the postfix or dovecot jails.
parent 9965fcba
Pipeline #2717 passed with stage
in 53 seconds
......@@ -14,3 +14,8 @@ maintenance_remote_machine: "{{ hostvars[inventory_hostname]['ansible_env'].SSH_
# prometheus-node-exporter port
prometheus_exporter_port: '9100'
prometheus_memcached_exporter_port: '9150'
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
gitlab_runner_exporter_port: 9252
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
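Review bot: The `fail2ban_jails` default added in this hunk is a mapping, and with Ansible's default hash behaviour a host or group override replaces the whole mapping instead of merging into it, so an override that lists only the jail it adds would drop `sshd: true`. How the fail2ban role treats a missing key is not visible here, so it is unclear whether that would disable the sshd jail or fail the run. A comment above the default would state the contract: `# overrides replace this whole mapping; restate sshd: true when enabling postfix or dovecot`. The rendered section also shows `fail2ban_jails:` a second time after `gitlab_runner_exporter_port`; if both land in one file the key is duplicated and most parsers silently keep the last value, so this is worth checking against the raw diff.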
......@@ -9,8 +9,3 @@ zabbix_agent_templates:
- Template App HTTPS Service
- Template App MySQL
- Template App Nginx
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
......@@ -9,8 +9,3 @@ zabbix_agent_templates:
- Template App HTTPS Service
- Template App MySQL
- Template App Nginx
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
......@@ -7,8 +7,3 @@ zabbix_agent_templates:
- Template App HTTPS Service
- Template App MySQL
- Template App Nginx
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
......@@ -7,8 +7,3 @@ zabbix_agent_templates:
- Template App HTTPS Service
- Template App MySQL
- Template App Nginx
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
......@@ -22,8 +22,3 @@ zabbix_agent_templates:
- Template OS Linux
- Template App Borg Backup
- Template App Nginx
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
......@@ -9,8 +9,3 @@ zabbix_agent_templates:
- Template App Nginx
- Template App SSH Service
- Template App PostgreSQL
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
......@@ -6,6 +6,3 @@ zabbix_agent_templates:
- Template App Borg Backup
- Template App HTTP Service
- Template App HTTPS Service
fail2ban_jails:
sshd: true
......@@ -18,3 +18,4 @@
postgres_effective_cache_size: 1GB
- { role: keycloak }
- { role: borg_client, tags: ["borg"] }
- { role: fail2ban }
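Review bot: The `fail2ban` role is appended without a tag here, while neighbouring entries such as `borg_client` carry one, so the jail configuration cannot be re-applied on its own with `--tags`; consider `- { role: fail2ban, tags: ["fail2ban"] }`. The same line is added in the same form in the other playbook hunks on this page. Because the role is enabled one playbook at a time while the default lives in group_vars/all, any playbook not touched by this commit would get the variable but presumably no fail2ban, so confirm that every host playbook is covered. The roles list begins outside each hunk.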
......@@ -15,3 +15,4 @@
- { role: sogrep }
- { role: archbuild }
- { role: docker_image }
- { role: fail2ban }
......@@ -12,3 +12,4 @@
- { role: gitlab, gitlab_domain: "gitlab.archlinux.org" }
- { role: borg_client, tags: ["borg"] }
- { role: prometheus_exporters }
- { role: fail2ban }
......@@ -14,3 +14,4 @@
- { role: public_html, public_domain: "pkgbuild.com", tags: ['nginx'] }
- { role: borg_client, tags: ["borg"] }
- { role: prometheus_exporters }
- { role: fail2ban }
......@@ -14,3 +14,4 @@
- { role: archweb, archweb_site: false, archweb_services: false, archweb_mirrorcheck: true }
- { role: arch32_mirror, tags: ['nginx'] }
- { role: prometheus_exporters }
- { role: fail2ban }
......@@ -14,3 +14,4 @@
- { role: certbot }
- { role: nginx }
- { role: grafana, grafana_domain: 'monitoring.archlinux.org' }
- { role: fail2ban }
......@@ -15,3 +15,4 @@
- { role: nginx }
- { role: rebuilderd }
- { role: prometheus_exporters }
- { role: fail2ban }
......@@ -21,3 +21,4 @@
postgres_ssl_hosts6: ['::/0']
- { role: terraform_state }
- { role: prometheus_exporters }
- { role: fail2ban }