Jose
bc91383094
This commit updates the Fail2ban configuration to reduce bantime and findtime, and adds/fixes restart/reload tasks in handlers/main.yml. These changes aim to improve security and manageability of the fail2ban service.
63 lines
1.5 KiB
YAML
63 lines
1.5 KiB
YAML
---
|
|
# ansible_role_proxmox_provision/defaults/main.yml
|
|
# Default values for role variables
|
|
# ===================================
|
|
|
|
# Swap handling
|
|
proxmox_disable_swap: true
|
|
proxmox_swapiness: 10
|
|
proxmox_min_ram_mb_for_no_swap: 16384
|
|
|
|
# Powertop
|
|
proxmox_enable_powertop: true
|
|
|
|
# Logrotate
|
|
proxmox_logrotate_enabled: true
|
|
|
|
proxmox_logrotate_rotate: 4
|
|
proxmox_logrotate_maxsize: 100M
|
|
proxmox_logrotate_frequency: daily
|
|
|
|
proxmox_logrotate_compress: true
|
|
proxmox_logrotate_delaycompress: true
|
|
proxmox_logrotate_missingok: true
|
|
proxmox_logrotate_notifempty: true
|
|
|
|
# Destination override file
|
|
proxmox_logrotate_file: /etc/logrotate.d/99-proxmox-custom
|
|
|
|
# Default languages for APT translations
|
|
proxmox_apt_languages:
|
|
- "en"
|
|
- "es"
|
|
- "it"
|
|
|
|
# Percentage of total RAM to allocate to log2ram
|
|
log2ram_ram_percent: 5
|
|
|
|
log2ram_min_size_mb: 128
|
|
log2ram_max_size_mb: 1024
|
|
log2ram_host_memtotal_mb: "{{ ansible_memtotal_mb }}"
|
|
log2ram_version: "1.7.2"
|
|
|
|
# Journald RAM usage limit
|
|
journald_runtime_max_use: "100M"
|
|
|
|
# VM write frequency tuning
|
|
vm_dirty_ratio: 15
|
|
vm_dirty_background_ratio: 5
|
|
vm_swappiness: "{{ proxmox_swapiness }}"
|
|
|
|
# Fail2ban settings
|
|
f2b_bantime: 600 # 10 minutes
|
|
f2b_findtime: 1200 # 20 minutes
|
|
f2b_maxretry: 5
|
|
f2b_recidive_bantime: 3600 # 1 hours
|
|
f2b_recidive_findtime: 86400 # 24 hours
|
|
f2b_recidive_maxretry: 3
|
|
f2b_ipset_name: f2b-blacklist
|
|
f2b_bantime_increment: true
|
|
f2b_bantime_factor: 2
|
|
f2b_bantime_max: 86400
|
|
f2b_unban_ip: "" # ansible-playbook play.yml -e f2b_unban_ip=192.168.1.55
|