mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-28 18:31:59 +02:00
By default enable the sshd jail for fail2ban
For all hosts we want to have a working fail2ban for sshd brute force attempts through a group_vars/all. For some hosts an override is required to enable postfix or dovecot jails.
This commit is contained in:
parent
9965fcba2e
commit
992f81d766
@ -14,3 +14,8 @@ maintenance_remote_machine: "{{ hostvars[inventory_hostname]['ansible_env'].SSH_
|
||||
# prometheus-node-exporter port
|
||||
prometheus_exporter_port: '9100'
|
||||
prometheus_memcached_exporter_port: '9150'
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -1,6 +1 @@
|
||||
gitlab_runner_exporter_port: 9252
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -9,8 +9,3 @@ zabbix_agent_templates:
|
||||
- Template App HTTPS Service
|
||||
- Template App MySQL
|
||||
- Template App Nginx
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -9,8 +9,3 @@ zabbix_agent_templates:
|
||||
- Template App HTTPS Service
|
||||
- Template App MySQL
|
||||
- Template App Nginx
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -7,8 +7,3 @@ zabbix_agent_templates:
|
||||
- Template App HTTPS Service
|
||||
- Template App MySQL
|
||||
- Template App Nginx
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -7,8 +7,3 @@ zabbix_agent_templates:
|
||||
- Template App HTTPS Service
|
||||
- Template App MySQL
|
||||
- Template App Nginx
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -22,8 +22,3 @@ zabbix_agent_templates:
|
||||
- Template OS Linux
|
||||
- Template App Borg Backup
|
||||
- Template App Nginx
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -9,8 +9,3 @@ zabbix_agent_templates:
|
||||
- Template App Nginx
|
||||
- Template App SSH Service
|
||||
- Template App PostgreSQL
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
postfix: false
|
||||
dovecot: false
|
||||
|
@ -6,6 +6,3 @@ zabbix_agent_templates:
|
||||
- Template App Borg Backup
|
||||
- Template App HTTP Service
|
||||
- Template App HTTPS Service
|
||||
|
||||
fail2ban_jails:
|
||||
sshd: true
|
||||
|
@ -18,3 +18,4 @@
|
||||
postgres_effective_cache_size: 1GB
|
||||
- { role: keycloak }
|
||||
- { role: borg_client, tags: ["borg"] }
|
||||
- { role: fail2ban }
|
||||
|
@ -15,3 +15,4 @@
|
||||
- { role: sogrep }
|
||||
- { role: archbuild }
|
||||
- { role: docker_image }
|
||||
- { role: fail2ban }
|
||||
|
@ -12,3 +12,4 @@
|
||||
- { role: gitlab, gitlab_domain: "gitlab.archlinux.org" }
|
||||
- { role: borg_client, tags: ["borg"] }
|
||||
- { role: prometheus_exporters }
|
||||
- { role: fail2ban }
|
||||
|
@ -14,3 +14,4 @@
|
||||
- { role: public_html, public_domain: "pkgbuild.com", tags: ['nginx'] }
|
||||
- { role: borg_client, tags: ["borg"] }
|
||||
- { role: prometheus_exporters }
|
||||
- { role: fail2ban }
|
||||
|
@ -14,3 +14,4 @@
|
||||
- { role: archweb, archweb_site: false, archweb_services: false, archweb_mirrorcheck: true }
|
||||
- { role: arch32_mirror, tags: ['nginx'] }
|
||||
- { role: prometheus_exporters }
|
||||
- { role: fail2ban }
|
||||
|
@ -14,3 +14,4 @@
|
||||
- { role: certbot }
|
||||
- { role: nginx }
|
||||
- { role: grafana, grafana_domain: 'monitoring.archlinux.org' }
|
||||
- { role: fail2ban }
|
||||
|
@ -15,3 +15,4 @@
|
||||
- { role: nginx }
|
||||
- { role: rebuilderd }
|
||||
- { role: prometheus_exporters }
|
||||
- { role: fail2ban }
|
||||
|
@ -21,3 +21,4 @@
|
||||
postgres_ssl_hosts6: ['::/0']
|
||||
- { role: terraform_state }
|
||||
- { role: prometheus_exporters }
|
||||
- { role: fail2ban }
|
||||
|
Loading…
Reference in New Issue
Block a user