Add fail2ban Support

conf/f2b_filter.conf

@@ -0,0 +1,6 @@
+[INCLUDES]
+before = common.conf
+[Definition]
+failregex = <HOST> .* .POST __PATH_URL__.*auth/sign_in HTTP/.... 401
+ignoreregex =
+datepattern = %%d/%%b/%%Y:%%H:%%M:%%S

conf/f2b_jail.conf

@@ -0,0 +1,6 @@
+[__APP__]
+enabled = true
+port = http,https
+filter = __APP__
+logpath = /var/log/nginx/__DOMAIN__-access.log
+maxretry = 5

scripts/backup

@@ -56,10 +56,10 @@ ynh_mysql_dump_db --database="$db_name" > db.sql
 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
-#ynh_print_info "Backing up fail2ban configuration..."
+ynh_print_info "Backing up fail2ban configuration..."
 
-#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
-#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 
 #=================================================
 # SPECIFIC BACKUP

scripts/change_url

@@ -113,7 +113,20 @@ ynh_script_progression --message="Modifying a config file..." --weight=1
 
 config_file="$final_path/live/.env"
 ynh_replace_string --match_string="RAILS_RELATIVE_URL_ROOT=$old_path" --replace_string="RAILS_RELATIVE_URL_ROOT=$new_path" --target_file="$config_file"
+
 #=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Configuring fail2ban..."  --time --weight=1
+
+domain=$new_domain
+path_url=$new_path
+# Create a dedicated fail2ban config
+touch "/var/log/$app/$app.log"
+ynh_add_fail2ban_config --use_template --others_var="\
+	domain \
+	path_url \
+	"
 
 #=================================================
 # GENERIC FINALISATION

scripts/install

@@ -59,7 +59,6 @@ port=$(ynh_find_port --port=3000)
 # Open the port
 ynh_app_setting_set --app=$app --key=port --value=$port
 
-
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
@@ -82,7 +81,6 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
 #=================================================
 ynh_script_progression --message="Setting up source files..."  --weight=2
 
-
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 mkdir -p $final_path
@@ -207,10 +205,14 @@ yunohost service add $app --description "Standard Notes - Syncing Server" --log
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
-#ynh_script_progression --message="Configuring fail2ban..."  --time --weight=1
+ynh_script_progression --message="Configuring fail2ban..."  --time --weight=1
 
 # Create a dedicated fail2ban config
-#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+touch "/var/log/$app/$app.log"
+ynh_add_fail2ban_config --use_template --others_var="\
+	domain \
+	path_url \
+	"
 
 #=================================================
 # SETUP SSOWAT

scripts/remove

@@ -99,10 +99,10 @@ fi
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
 #=================================================
-#ynh_script_progression --message="Removing fail2ban configuration..."  --weight=1
+ynh_script_progression --message="Removing fail2ban configuration..."  --weight=1
 
 # Remove the dedicated fail2ban config
-#ynh_remove_fail2ban_config
+ynh_remove_fail2ban_config
 
 #=================================================
 # SPECIFIC REMOVE

scripts/restore

@@ -83,15 +83,6 @@ chown -R $app: "$final_path/live/tmp/"
 mkdir -p "/var/log/$app"
 chown -R $app: "/var/log/$app"
 
-#=================================================
-# RESTORE FAIL2BAN CONFIGURATION
-#=================================================
-#ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=1
-
-#ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
-#ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
-#ynh_systemd_action --action=restart --service_name=fail2ban
-
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
@@ -102,7 +93,6 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=17
 # Define and install dependencies
 ynh_install_app_dependencies $pkg_dependencies
 
-
 #=================================================
 # INSTALLING RUBY
 #=================================================
@@ -149,6 +139,16 @@ ynh_script_progression --message="Configuring log rotation..."  --weight=1
 
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=
+
+touch "/var/log/$app/$app.log"
+ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
+ynh_systemd_action --action=restart --service_name=fail2ban
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/upgrade

@@ -237,10 +237,14 @@ yunohost service add $app --description "Standard Notes - Syncing Server" --log
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
-#ynh_script_progression --message="Reconfiguring fail2ban..." --weight=1
+ynh_script_progression --message="Reconfiguring fail2ban..." --weight=1
 
 # Create a dedicated fail2ban config
-#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+touch "/var/log/$app/$app.log"
+ynh_add_fail2ban_config --use_template --others_var="\
+	domain \
+	path_url \
+	"
 
 #=================================================
 # SETUP SSOWAT