immich

playbooks/fail2ban-ingress/fail2ban-ingress.yml

@@ -0,0 +1,29 @@
+- name: Fail2ban-ingress
+  hosts: animeistrash
+  become: true
+
+  tasks:
+    - name: Install fail2ban
+      ansible.builtin.apt:
+        name: fail2ban
+        state: present
+
+    - name: Create user
+      ansible.builtin.user:
+        name: fail2forward
+        create_home: true
+
+    - name: Copy jail.local
+      ansible.builtin.template:
+        src: jail.local.j2
+        dest: /etc/fail2ban/jail.local
+        owner: root
+        group: root
+        mode: '0644'
+      notify: Restart fail2ban
+
+  handlers:
+    - name: Restart fail2ban
+      ansible.builtin.service:
+        name: fail2ban
+        state: restarted

playbooks/fail2ban-ingress/jail.local.j2

@@ -0,0 +1,27 @@
+[DEFAULT]
+bantime  = 24h
+findtime = 10m
+maxretry = 5
+banaction = ufw
+bantime.increment = true
+bantime.multipliers = 1 5 30 60 300 720 1440 2880
+
+[sshd]
+enabled = true
+port    = ssh,2222,4444
+
+[nginx-http-auth]
+enabled = true
+
+[nginx-limit-req]
+enabled = true
+
+[postfix]
+enabled  = true
+port     = smtp,submission
+logpath  = /opt/beeserver/mail/mail-logs/mail.log
+
+[dovecot]
+enabled  = true
+port     = imaps,pop3s
+logpath  = /opt/beeserver/mail/mail-logs/mail.log