initial commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-27 15:09:25 -07:00 · 2026-02-27 15:09:25 -07:00 · 75891c3271
commit 75891c3271
129 changed files with 8046 additions and 0 deletions
--- a/roles/fail2ban/files/jail.d/caddy.conf
+++ b/roles/fail2ban/files/jail.d/caddy.conf
@ -0,0 +1,16 @@
+[caddy-scanners]
+enabled = true
+journalmatch = CONTAINER_NAME=caddy
+filter = caddy-scanners
+maxretry = 3
+findtime = 10m
+bantime = 24h
+
+# high maxretry/short bantime: Grafana auth can be slow; strict limits cause false positives
+[caddy-auth]
+enabled = true
+journalmatch = CONTAINER_NAME=caddy
+filter = caddy-auth
+maxretry = 40
+findtime = 10m
+bantime = 1h
--- a/roles/fail2ban/files/jail.d/forgejo.conf
+++ b/roles/fail2ban/files/jail.d/forgejo.conf
@ -0,0 +1,8 @@
+[forgejo]
+enabled = true
+backend = systemd
+journalmatch = CONTAINER_NAME=forgejo
+filter = forgejo-auth
+maxretry = 5
+findtime = 10m
+bantime = 24h
--- a/roles/fail2ban/files/jail.d/mailserver.conf
+++ b/roles/fail2ban/files/jail.d/mailserver.conf
@ -0,0 +1,9 @@
+[mailserver]
+enabled = true
+backend = systemd
+journalmatch = CONTAINER_NAME=mailserver
+filter = docker-mailserver
+maxretry = 5
+findtime = 10m
+bantime = 24h
+