portalapi: propagate changes to fail2ban config

conf/fail2ban/yunohost-jails.conf

@@ -31,3 +31,12 @@ protocol = tcp
 filter   = yunohost
 logpath  = /var/log/nginx/*error.log
            /var/log/nginx/*access.log
+
+[yunohost-portal]
+enabled  = true
+port     = http,https
+protocol = tcp
+filter   = yunohost-portal
+logpath  = /var/log/nginx/*error.log
+           /var/log/nginx/*access.log
+maxretry = 20

conf/fail2ban/yunohost-portal.conf

@@ -0,0 +1,3 @@
+[Definition]
+failregex = ^<HOST> -.*\"POST /yunohost/portalapi/login HTTP/\d.\d\" 401
+ignoreregex =

conf/fail2ban/yunohost.conf

@@ -1,24 +1,3 @@
-# Fail2Ban configuration file
-#
-# Author: Adrien Beudin
-#
-# $Revision: 2 $
-#
-
 [Definition]
-
+failregex = ^<HOST> -.*\"POST /yunohost/api/login HTTP/\d.\d\" 401
-# Option:  failregex
-# Notes.:  regex to match the password failure messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-# Values:  TEXT
-#
-failregex = helpers.lua:[0-9]+: authenticate\(\): Connection failed for: .*, client: <HOST>
-            ^<HOST> -.*\"POST /yunohost/api/login HTTP/\d.\d\" 401
-
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
 ignoreregex =

hooks/conf_regen/52-fail2ban

@@ -14,6 +14,7 @@ do_pre_regen() {
     mkdir -p "${fail2ban_dir}/jail.d"
 
     cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf"
+    cp yunohost-portal.conf "${fail2ban_dir}/filter.d/yunohost-portal.conf"
     cp postfix-sasl.conf "${fail2ban_dir}/filter.d/postfix-sasl.conf"
     cp jail.conf "${fail2ban_dir}/jail.conf"