Include fail2ban conf

manifest.json

@@ -6,7 +6,7 @@
         "en": "Browsing, reading and downloading eBooks using a Calibre database",
         "fr": "Explorer, lire et télécharger des eBooks à partir d'une base de données Calibre"
     },
-    "version": "0.96.19~ynh5",
+    "version": "0.96.19~ynh6",
     "url": "https://github.com/janeczku/calibre-web",
     "upstream": {
         "version": "0.6.19",

scripts/backup

@@ -65,6 +65,14 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 ynh_backup --src_path="/etc/logrotate.d/$app"
 
+
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # BACKUP SYSTEMD
 #=================================================

scripts/install

@@ -184,8 +184,8 @@ ynh_app_setting_set $app calibre_dir $calibre_dir
 #=================================================
 
 # Use logrotate to manage application logfile(s)
-ynh_use_logrotate --logfile="/var/log/$app/$app.log"
-ynh_use_logrotate --logfile="/var/log/$app/$app-access.log"
+ynh_use_logrotate --logfile="$log_file"
+ynh_use_logrotate --logfile="/var/log/$app/$access_log_file"
 chown -R $app:$app /var/log/$app
 
 
@@ -211,7 +211,7 @@ ynh_replace_string --match_string="<policy domain="coder" rights="none" pattern=
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 
-yunohost service add $app --description="Browse eBook in the web" --log="/var/log/$app/$app.log"
+yunohost service add $app --description="Browse eBook in the web" --log="$log_file"
 
 
 #=================================================
@@ -225,6 +225,20 @@ chmod 740 $final_path
 chown -R $app: /opt/kepubify
 chmod 770 /opt/kepubify/kepubify-linux-$mach
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Configuring Fail2Ban..." --weight=8
+
+# Make sure a log file exists (mostly for CI tests)
+if [ ! -f "$log_file" ]; then
+	touch "$log_file"
+	chown $app: "$log_file"
+fi
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*LDAP Login failed for user .* IP-address: <HOST>.*$" --max_retry=5
+
 #=================================================
 # SETUP SSOWAT
 #=================================================

scripts/remove

@@ -96,6 +96,14 @@ ynh_remove_nginx_config
 ynh_script_progression --message="Removing logrotate configuration..." --weight=1
 ynh_remove_logrotate
 
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8
+
+# Remove the dedicated Fail2Ban config
+ynh_remove_fail2ban_config
+
 #=================================================
 # CLOSE A PORT
 #=================================================

scripts/restore

@@ -104,7 +104,7 @@ systemctl enable $app.service --quiet
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 
-yunohost service add $app --description="Browse eBook in the web" --log="/var/log/$app/$app.log"
+yunohost service add $app --description="Browse eBook in the web" --log="$log_file"
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
@@ -163,6 +163,22 @@ ynh_replace_string --match_string="<policy domain="coder" rights="none" pattern=
 # Remove the option backup_core_only if it's in the settings.yml file
 ynh_app_setting_delete $app backup_core_only
 
+
+#=================================================
+# RESTORE THE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=7
+
+ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
+
+if [ ! -f "$log_file" ]; then
+	touch "$log_file"
+	chown $app: "$log_file"
+fi
+
+ynh_systemd_action --action=restart --service_name=fail2ban
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/upgrade

@@ -249,8 +249,8 @@ ynh_replace_string --match_string="<policy domain="coder" rights="none" pattern=
 
 # Use logrotate to manage app-specific logfile(s)
 ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
-ynh_use_logrotate --logfile="/var/log/$app/$app.log" --nonappend
-ynh_use_logrotate --logfile="/var/log/$app/$app-access.log" --nonappend
+ynh_use_logrotate --logfile="$log_file" --nonappend
+ynh_use_logrotate --logfile="$access_log_file" --nonappend
 
 
 
@@ -276,7 +276,23 @@ chown -R $app: /opt/kepubify
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 
-yunohost service add $app --description="Browse eBook in the web" --log="/var/log/$app/$app.log"
+yunohost service add $app --description="Browse eBook in the web" --log="$log_file"
+
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Configuring Fail2Ban..." --weight=8
+
+
+# Make sure a log file exists (mostly for CI tests)
+if [ ! -f "$log_file" ]; then
+	touch "$log_file"
+	chown $app: "$log_file"
+fi
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*LDAP Login failed for user .* IP-address: <HOST>.*$" --max_retry=5
+
 
 #=================================================
 # RELOAD NGINX