chore 📦: Update file path for non-clustered environments in fail2ban.yml

This commit updates the file path configuration for non-clustered environments in the `fail2ban.yml` file. This ensures that the correct paths are used when running fail2ban outside of a clustered environment.
refactor ♻️: Check for firewall file existence before debugging
2026-03-02 19:02:18 +01:00 · 2026-03-01 20:03:52 +01:00 · 2026-03-01 12:59:08 +01:00 · 2026-03-01 12:56:54 +01:00 · 2026-03-01 12:05:48 +01:00
1 changed files with 16 additions and 7 deletions
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -94,7 +94,6 @@
      backend  = systemd
      banaction = {% if (clustered.stat.exists | default(false)) %} proxmox-fw{% else %} iptables-multiport{% endif %}
      ignoreip = 127.0.0.1/8 192.168.2.0/24
      # {% if pmxcfs_running.stat.exists %} {{ corosync_networks | join(' ') }}{% endif %}
      #################################################
      # SSH
@@ -153,10 +152,16 @@
      {{
        '/etc/pve/firewall/cluster.fw'
        if clustered.stat.exists
-        else '/etc/pve/nodes/' + pve_node + '.fw'
+        else '/etc/pve/nodes/' + pve_node + '/host.fw'
      }}
  when: pve_installed.stat.exists | default(false)
 - name: fail2ban | Show firewall config path
  ansible.builtin.debug:
    msg: >
      WARNING: Proxmox firewall config path is:  {{ pve_firewall_config}}
  when: pve_firewall_config is defined
 #################################################
 # Detect firewall configuration
 #################################################
@@ -173,15 +178,19 @@
  register: fw_content
  when: fw_stat.stat.exists | default(false)
 - name: fail2ban | Debug config contents
  ansible.builtin.debug:
    msg: >
      {{ fw_content }}
  when: fw_stat.stat.exists | default(false)
 - name: fail2ban | Determine if firewall enabled
  ansible.builtin.set_fact:
    pve_firewall_enabled: >-
      {{
-        (fw_stat.stat.exists | default(false)) and
+        fw_stat.stat.exists and
-        (
+        (fw_content.content | b64decode)
-          (fw_content.content | default('') | b64decode)
+        is search('^enable:\s*1$', multiline=True)
          is search('enable:\s*1')
        )
      }}
 - name: fail2ban | Warn if firewall not enabled
Author	SHA1	Message	Date
Jose	ded4fb8270	chore 📦: Update file path for non-clustered environments in fail2ban.yml All checks were successful ansible-lint / Ansible Lint (push) Successful in 15s Details Gitleaks Scan / gitleaks (push) Successful in 5s Details Markdown Lint / markdown-lint (push) Successful in 5s Details ai-reviews / Review PR (pull_request) Successful in 12s Details PR check / Gitleaks (pull_request) Successful in 4s Details PR check / lint tests (pull_request) Successful in 15s Details PR check / labeler (pull_request) Successful in 3s Details PR check / handle_failures (pull_request) Has been skipped Details PR check / handle_success (pull_request) Successful in 2s Details This commit updates the file path configuration for non-clustered environments in the `fail2ban.yml` file. This ensures that the correct paths are used when running fail2ban outside of a clustered environment.	2026-03-02 19:02:18 +01:00
Jose	38831f981a	refactor ♻️: Check for firewall file existence before debugging All checks were successful ansible-lint / Ansible Lint (push) Successful in 12s Details Gitleaks Scan / gitleaks (push) Successful in 4s Details Markdown Lint / markdown-lint (push) Successful in 5s Details ai-reviews / Review PR (pull_request) Successful in 11s Details PR check / Gitleaks (pull_request) Successful in 4s Details PR check / lint tests (pull_request) Successful in 15s Details PR check / labeler (pull_request) Successful in 2s Details PR check / handle_failures (pull_request) Has been skipped Details PR check / handle_success (pull_request) Successful in 2s Details Refactored the code to include a conditional check for the existence of the firewall file before proceeding with debugging. This ensures that the debugging process is only initiated when necessary, preventing unnecessary operations and potential errors.	2026-03-01 20:03:52 +01:00
Jose	d2761bd840	refactor ♻️: Refactor task names and improve formatting in `fail2ban.yml` All checks were successful ansible-lint / Ansible Lint (push) Successful in 12s Details Gitleaks Scan / gitleaks (push) Successful in 4s Details Markdown Lint / markdown-lint (push) Successful in 8s Details ai-reviews / Review PR (pull_request) Successful in 13s Details PR check / Gitleaks (pull_request) Successful in 5s Details PR check / lint tests (pull_request) Successful in 16s Details PR check / labeler (pull_request) Successful in 2s Details PR check / handle_failures (pull_request) Has been skipped Details PR check / handle_success (pull_request) Successful in 1s Details This commit refactors the task names for better readability and consistency. Additionally, it improves the formatting of the YAML file to enhance maintainability.	2026-03-01 12:59:08 +01:00
Jose	c8fb6e4c80	feat ✨: Add debug tasks for Proxmox firewall config path and contents Some checks failed ansible-lint / Ansible Lint (push) Failing after 13s Details Gitleaks Scan / gitleaks (push) Successful in 5s Details Markdown Lint / markdown-lint (push) Successful in 5s Details ai-reviews / Review PR (pull_request) Successful in 15s Details PR check / Gitleaks (pull_request) Successful in 5s Details PR check / lint tests (pull_request) Failing after 17s Details PR check / labeler (pull_request) Successful in 2s Details PR check / handle_failures (pull_request) Successful in 1s Details PR check / handle_success (pull_request) Has been skipped Details This commit introduces new debug tasks to help diagnose issues related to the Proxmox firewall configuration path and its contents. These tasks will assist in verifying that the paths are correctly set up and that the necessary files are present.	2026-03-01 12:56:54 +01:00
Jose	54f3f761c8	chore 📦: Remove commented-out code in fail2ban.yml All checks were successful ansible-lint / Ansible Lint (push) Successful in 14s Details Gitleaks Scan / gitleaks (push) Successful in 4s Details Markdown Lint / markdown-lint (push) Successful in 5s Details ai-reviews / Review PR (pull_request) Successful in 12s Details PR check / Gitleaks (pull_request) Successful in 5s Details PR check / lint tests (pull_request) Successful in 16s Details PR check / labeler (pull_request) Successful in 2s Details PR check / handle_failures (pull_request) Has been skipped Details PR check / handle_success (pull_request) Successful in 2s Details This commit removes unnecessary commented-out code from the fail2ban.yml file to clean up and simplify the configuration.	2026-03-01 12:05:48 +01:00