39 lines
1.1 KiB
Plaintext
39 lines
1.1 KiB
Plaintext
# SSH
|
|
configure sshd jail:
|
|
file.managed:
|
|
- name: /etc/fail2ban/jail.d/sshd.local
|
|
- source: salt://fail2ban/files/jail.d/sshd.local
|
|
- user: root
|
|
- group: root
|
|
- mode: "0644"
|
|
- onlyif:
|
|
- pkg.is_installed: openssh
|
|
|
|
# Nextcloud
|
|
configure nextcloud jail:
|
|
file.managed:
|
|
- name: /etc/fail2ban/jail.d/nextcloud.local
|
|
- source: salt://fail2ban/files/jail.d/nextcloud.local
|
|
- user: root
|
|
- group: root
|
|
- mode: "0644"
|
|
- onlyif: runuser -l {{ salt['pillar.get']('podman:user', 'root') }} -c 'podman container exists gitea'
|
|
|
|
configure nextcloud filter:
|
|
file.managed:
|
|
- name: /etc/fail2ban/filter.d/nextcloud.local
|
|
- source: salt://fail2ban/files/filter.d/nextcloud.local
|
|
- user: root
|
|
- group: root
|
|
- mode: "0644"
|
|
- onlyif: runuser -l {{ salt['pillar.get']('podman:user', 'root') }} -c 'podman container exists gitea'
|
|
|
|
######
|
|
realod fail2ban config:
|
|
cmd.run:
|
|
- name: fail2ban-client reload
|
|
- onchanges:
|
|
- file: configure sshd jail
|
|
- file: configure nextcloud jail
|
|
- file: configure nextcloud filter
|