Change the way to manage the jail and filter file and improve documentations

Using a template file make more easy to use a custom failregex.
It also give the possiblitity to use custom settings in the fail2ban config

data/helpers.d/backend

@@ -186,59 +186,85 @@ ynh_remove_fpm_config () {
 
 # Create a dedicated fail2ban config (jail and filter conf files)
 #
-# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
+# usage: ynh_add_fail2ban_config "list of others variables to replace"
-# | arg: -l, --logpath= - Log file to be checked by fail2ban
+#
-# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
+# | arg: list of others variables to replace separeted by a space
-# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
+# |      for example : 'var_1 var_2 ...'
-# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
+#
+# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
+#   __APP__      by  $app
+#
+#  You can dynamically replace others variables by example :
+#   __VAR_1__    by $var_1
+#   __VAR_2__    by $var_2
+#
+# Note about the "failregex" option:
+#          regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+#
+#          You can find some more explainations about how to make a regex here :
+#          https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
+#
+# Note that the logfile need to exist before to call this helper !!
+#
+# Generally your template will look like that by example (for synapse):
+#
+# f2b_jail.conf:
+#     [__APP__]
+#     enabled = true
+#     port = http,https
+#     filter = __APP__
+#     logpath = /var/log/__APP__/logfile.log
+#     maxretry = 3
+#
+# f2b_filter.conf:
+#     [INCLUDES]
+#     before = common.conf
+#     [Definition]
+#
+#     # Part of regex definition (just used to make more easy to make the global regex)
+#     __synapse_start_line = .? \- synapse\..+ \-
+#
+#    # Regex definition.
+#    failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
+#
+#     ignoreregex =
+#
+# To validate your regex you can test with this command:
+# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
 ynh_add_fail2ban_config () {
-  # Declare an array to define the options of this helper.
+  local others_var=${1:-}
-  declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= )
-  local logpath
-  local failregex
-  local max_retry
-  local ports
-  # Manage arguments with getopts
-  ynh_handle_getopts_args "$@"
-  max_retry=${max_retry:-3}
-  ports=${ports:-http,https}
-
-  test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
-  test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
 
   finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
   finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
-  ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
+  ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
-  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
+  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
 
-  tee $finalfail2banjailconf <<EOF
+  cp ../conf/f2b_jail.conf $finalfail2banjailconf
-[$app]
+  cp ../conf/f2b_filter.conf $finalfail2banfilterconf
-enabled = true
-port = $ports
-filter = $app
-logpath = $logpath
-maxretry = $max_retry
-EOF
 
-  tee $finalfail2banfilterconf <<EOF
+  if test -n "${app:-}"; then
-[INCLUDES]
+    ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
-before = common.conf
+    ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
-[Definition]
+  fi
-failregex = $failregex
+
-ignoreregex =
+  # Replace all other variable given as arguments
-EOF
+  for var_to_replace in $others_var; do
+    # ${var_to_replace^^} make the content of the variable on upper-cases
+    # ${!var_to_replace} get the content of the variable named $var_to_replace
+    ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
+    ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
+  done
 
   ynh_store_file_checksum "$finalfail2banjailconf"
   ynh_store_file_checksum "$finalfail2banfilterconf"
 
-  if [ "$(lsb_release --codename --short)" != "jessie" ]; then
+  systemctl try-reload-or-restart fail2ban
-    systemctl reload fail2ban
+
-  else
-    systemctl restart fail2ban
-  fi
   local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
-  if [ -n "$fail2ban_error" ]
+  if [[ -n "$fail2ban_error" ]]; then
-  then
     echo "[ERR] Fail2ban failed to load the jail for $app" >&2
     echo "WARNING${fail2ban_error#*WARNING}" >&2
   fi
@@ -250,9 +276,5 @@ EOF
 ynh_remove_fail2ban_config () {
   ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
   ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
-  if [ "$(lsb_release --codename --short)" != "jessie" ]; then
+  systemctl try-reload-or-restart fail2ban
-    systemctl reload fail2ban
-  else
-    systemctl restart fail2ban
-  fi
 }