This commit adds Fail2ban settings to `defaults/main.yml`, a new task to restart the fail2ban service, and a task file for deploying Fail2Ban integrated with Proxmox Firewall. The new tasks include checks, validations, and configuration to enhance security by blocking malicious IP addresses.
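---
# ansible_role_proxmox_provision/defaults/main.yml
# Default values for role variables
# ===================================
# Role defaults have the lowest variable precedence in Ansible, so every
# value below can be overridden from inventory, group_vars or play vars.

# Swap handling
# NOTE(review): how these three values interact is decided in the role's
# tasks, which are not part of this file. Presumably swap is only disabled
# on hosts with at least proxmox_min_ram_mb_for_no_swap MB of RAM - confirm.
proxmox_disable_swap: true
# The spelling "swapiness" (sic) is kept on purpose: vm_swappiness below
# references this name, and other role files may do so as well.
proxmox_swapiness: 10
proxmox_min_ram_mb_for_no_swap: 16384  # 16 GiB

# Powertop
proxmox_enable_powertop: true

# Logrotate
# The suffixes mirror logrotate directives (rotate, maxsize, daily,
# compress, delaycompress, missingok, notifempty); presumably they are
# rendered into proxmox_logrotate_file by a template - confirm.
proxmox_logrotate_enabled: true

# NOTE(review): with daily rotation, rotate 4 keeps roughly four days of
# history, and maxsize can rotate sooner. Confirm that is enough for
# incident investigation, or forward the covered logs off-host.
proxmox_logrotate_rotate: 4
# Quoted so the size-with-suffix value is unambiguously a string, matching
# journald_runtime_max_use below.
proxmox_logrotate_maxsize: "100M"
proxmox_logrotate_frequency: daily

proxmox_logrotate_compress: true
proxmox_logrotate_delaycompress: true
proxmox_logrotate_missingok: true
proxmox_logrotate_notifempty: true

# Destination override file
proxmox_logrotate_file: /etc/logrotate.d/99-proxmox-custom

# Default languages for APT translations
proxmox_apt_languages:
  - "en"
  - "es"
  - "it"

# Percentage of total RAM to allocate to log2ram
# NOTE(review): logs held in RAM are lost if the host goes down before
# they are synced to disk. Forward security-relevant logs off-host if the
# audit trail matters.
log2ram_ram_percent: 5

# Presumably lower and upper bounds (MB) applied to the computed size.
log2ram_min_size_mb: 128
log2ram_max_size_mb: 1024
# Resolved from the ansible_memtotal_mb fact, so fact gathering must be
# enabled for the play that uses this role.
log2ram_host_memtotal_mb: "{{ ansible_memtotal_mb }}"
# Pinned release, quoted so it stays a string.
# NOTE(review): if the role downloads this release, confirm the install
# task verifies it against a known checksum.
log2ram_version: "1.7.2"

# Journald RAM usage limit
# Presumably rendered as RuntimeMaxUse= in journald.conf; the runtime
# journal is volatile and does not survive a reboot.
journald_runtime_max_use: "100M"

# VM write frequency tuning
# Presumably applied as the vm.dirty_ratio, vm.dirty_background_ratio and
# vm.swappiness sysctls - confirm in the tasks.
vm_dirty_ratio: 15
vm_dirty_background_ratio: 5
vm_swappiness: "{{ proxmox_swapiness }}"

# Fail2ban settings
# All durations are in seconds. An address is banned for f2b_bantime after
# f2b_maxretry failures within f2b_findtime.
# NOTE(review): no allowlist default (fail2ban `ignoreip`) is defined in
# this file. Confirm the jail template exempts management and cluster
# addresses; otherwise a few mistyped passwords can lock administrators
# out of the host.
f2b_bantime: 1800  # 30 minutes
f2b_findtime: 600  # 10 minutes
f2b_maxretry: 5
# Recidive jail: longer ban for addresses that keep getting banned.
f2b_recidive_bantime: 86400  # 24 hours
f2b_recidive_findtime: 86400  # 24 hours
f2b_recidive_maxretry: 3
# IP set that banned addresses are added to; presumably a Proxmox Firewall
# IP set. Confirm a firewall rule actually drops traffic from this set,
# since an unreferenced set blocks nothing.
f2b_ipset_name: f2b-blacklist
# Escalating bans for repeat offenders; presumably rendered as
# bantime.increment, bantime.factor and bantime.maxtime. The exact growth
# depends on the formula in the rendered jail configuration.
f2b_bantime_increment: true
f2b_bantime_factor: 2
f2b_bantime_max: 86400  # 24 hours, upper bound for an escalated ban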