From 9b57350d92f221571d6a075f3e7e403c33e436ad Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Sat, 30 Sep 2023 23:44:40 +0200
Subject: [PATCH] Debian 12 deploy fixes
---
system/base/fail2ban/templates/jail.local | 21 +++++++++++++++++++++
system/extra/libvirt/tasks/main.yml | 20 +-------------------
2 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/system/base/fail2ban/templates/jail.local b/system/base/fail2ban/templates/jail.local
index 56b0523..00b1eaf 100644
--- a/system/base/fail2ban/templates/jail.local
+++ b/system/base/fail2ban/templates/jail.local
@@ -8,6 +8,27 @@ ignoreip = 127.0.0.1/8 ::1 {{ system_base_fail2ban_ignoreip }} # "bantime" is the number of seconds that a host is banned. bantime = 1d +# "backend" specifies the backend used to get files modification. +# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto". +# This option can be overridden in each jail as well. +# +# pyinotify: requires pyinotify (a file alteration monitor) to be installed. +# If pyinotify is not installed, Fail2ban will use auto. +# gamin: requires Gamin (a file alteration monitor) to be installed. +# If Gamin is not installed, Fail2ban will use auto. +# polling: uses a polling algorithm which does not require external libraries. +# systemd: uses systemd python library to access the systemd journal. +# Specifying "logpath" is not valid for this backend. +# See "journalmatch" in the jails associated filter config +# auto: will try to use the following backends, in order: +# pyinotify, gamin, polling. +# +# Note: if systemd backend is chosen as the default but you enable a jail +# for which logs are present only in its own log files, specify some other +# backend for that jail (e.g. polling) and provide empty value for +# journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200 +backend = systemd + # Destination email address used solely for the interpolations in jail.{conf,local,d/*} # configuration files. destemail = root diff --git a/system/extra/libvirt/tasks/main.yml b/system/extra/libvirt/tasks/main.yml index 45c410c..d497d49 100644 --- a/system/extra/libvirt/tasks/main.yml +++ b/system/extra/libvirt/tasks/main.yml @@ -4,10 +4,9 @@ name: - "dnsmasq" - "libvirt-daemon-system" - - "netcat" + - "netcat-openbsd" - "qemu-system" install_recommends: false - register: system_extra_libvirt_install - name: "install zfs storage driver for libvirt" ansible.builtin.apt: 
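Review bot: Setting `backend = systemd` in the defaults means every jail enabled elsewhere in this template (outside the hunk) reads the journal unless it overrides the setting, so a jail whose service writes only to its own log file would start without error and never ban anything. The added comment block describes that case, but the hunk adds no per-jail override; each file-backed jail needs `backend = polling` (or `auto`) and an empty `journalmatch` in its own section. The systemd backend also depends on the Python systemd bindings (`python3-systemd` on Debian), so the fail2ban install task, which this patch does not show, should list that package explicitly if it installs without recommends. After deployment, `fail2ban-client status <jail>` showing journal matches rather than an empty file list confirms each jail is actually watching something.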
@@ -15,29 +14,12 @@ - "libvirt-daemon-driver-storage-zfs" when: system_extra_libvirt_install_zfs_driver - register: system_extra_libvirt_zfs_driver - name: "enable libvirtd" ansible.builtin.systemd: name: "libvirtd" enabled: true -- name: "start libvirtd" - ansible.builtin.systemd: - name: "libvirtd" - state: "started" - register: system_extra_libvirt_start - -- name: "restart libvirtd" - ansible.builtin.systemd: - name: "libvirtd" - state: "restarted" - when: - (system_extra_libvirt_install.changed or - (system_extra_libvirt_zfs_driver is defined and - system_extra_libvirt_zfs_driver.changed)) and - not system_extra_libvirt_start.changed - - name: "add {{ system_extra_libvirt_user_name }} to group \"libvirt\"" ansible.builtin.user: name: "{{ system_extra_libvirt_user_name }}"
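Review bot: With the "start libvirtd" and "restart libvirtd" tasks removed, nothing in this file makes an already running libvirtd pick up a newly installed `libvirt-daemon-driver-storage-zfs`; the role now only sets `enabled: true`. If the removal relies on libvirtd being socket-activated on Debian 12 (inferred, the commit message does not say), record that above the "enable libvirtd" task, e.g. `# libvirtd is socket-activated and started on demand, so no explicit start/restart here`. For the driver task, a `notify:` to a restart handler would keep the old reload-on-change behaviour without the `register` bookkeeping that the previous hunk also drops. The zfs driver task begins outside this hunk, so its full argument list is not visible here.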