Commits · ee91fbe386b50fb0e2b8409b11a48bd8f7a69854 · Arch Linux / infrastructure

Feb 18, 2024

fail2ban: Use a managed firewalld ipset · 95e19506

The firewalld direct interface is deprecated and will be removed in a
future release[1]. Recently IPv4 connectivity inside docker containers
on our runners broke and after some troubleshooting, the issue was
pinpointed to the start of the fail2ban service. We also had issues in
the past where sometimes firewalld had to be restarted after boot before
network connectivity worked in libvirt on our runners.

The issuse may be due to a bug in the way fail2ban use the direct
interface, a bug in firewalld or a combination thereof. Let's just avoid
the direct interface altogether and create a clean separation, with
firewalld handling the blocking and fail2ban maintaining the ipset.

[1] https://firewalld.org/documentation/man-pages/firewalld.direct.html

Verified

95e19506

Feb 18, 2023
- ansible-lint: Forbidden implicit octal value 'xxxx' · 3ac1bac0
  Leonidas Spyropoulos authored 2 years ago and Evangelos Foutras committed 2 years ago
  
  Convert the permissions to strings to avoid octal interpretation. Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
  Verified
  
  3ac1bac0
Aug 29, 2022
- Capitalize the handler name in handler invocations · 578b7819
  Evangelos Foutras authored 2 years ago
  
  Fixes: 26f289b7 ("Capitalize the first letter of all task names")
  Verified
  
  578b7819
Aug 23, 2022

Capitalize the first letter of all task names · 26f289b7

Evangelos Foutras authored 2 years ago

ansible-lint 6.5.0 complains about:

  name: All names should start with an
        uppercase letter. (name[casing])

Verified

26f289b7

May 23, 2021
- fail2ban: Ban IPs based on nginx request abuse · e5773374
  Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago
  
  Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
  e5773374
Feb 14, 2021

Make ansible-lint happy · 4112bdf9

Kristian Klausen authored 4 years ago

yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.

4112bdf9

Jun 12, 2020
- fix E206 'Variables should have spaces before and after: {{ var_name }}' · 2b2bd065
  Frederik Schwan authored 4 years ago
  
  Verified
  
  2b2bd065
Oct 30, 2019
- fail2ban; minor fixes to ansible syntax · 1af86dc0
  Phillip Smith (fukawi2) authored 5 years ago
  
  1af86dc0
Oct 25, 2019

implement fail2ban role and deploy to orion · 61d48f11

Phillip Smith authored 5 years ago

fail2ban role now protects postfix, dovecot and sshd. other roles can drop
configuration files into /etc/fail2ban/jail.d/*.local to enable fail2ban to
monitor it's service.

61d48f11

Sep 01, 2019

Add fail2ban for apollo · 0c40d331

Jelle van der Waa authored 5 years ago

This bans all requests exceeding 1/min in a time period of 30 minutes.
This might be too harse and can be adjusted later.

0c40d331

Admin message