Allow for custom fail2ban.local #144

Open
FinweVI wants to merge 1 commit into geerlingguy:master from FinweVI:master

@FinweVI FinweVI commented Jun 15, 2025

No description provided.

@@ -25,6 +25,7 @@
- name: Copy fail2ban custom configuration file into place.
template:
src: fail2ban.local.j2
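
Review bot: the `src:` on the last line of this hunk is the literal file name `fail2ban.local.j2`, so the template path is fixed in the task and cannot be set through a role variable, which is what the PR title asks for. Read the path from a role variable whose default is `fail2ban.local.j2`, so a custom fail2ban.local template can be supplied without editing the role.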

Line src: fail2ban.local.j2 needs to be removed. Then it should work.

security_fail2ban_enabled: true
security_fail2ban_custom_configuration_template: "jail.local.j2"
security_fail2ban_custom_jail_template: "jail.local.j2"
security_fail2ban_custom_configuration_template: "fail2ban.local.j2"
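
Review bot: `security_fail2ban_custom_configuration_template` is listed here with both `jail.local.j2` and `fail2ban.local.j2`, so the existing name moves from the jail template to the fail2ban.local template. An inventory that already overrides this variable for its jail configuration would, after the change, have that override applied to fail2ban.local instead. Keep the existing name bound to jail.local and introduce a new name for fail2ban.local, or document the rename as a breaking change.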

Technically, the variable name security_fail2ban_custom_configuration_template seems to be good for fail2ban.local. Nevertheless, for backward compatibility it would be better to keep it for the jail.local and create a new variable for the fail2ban.local config.

Proposal:

security_fail2ban_custom_fail2ban_local_template: "fail2ban.local.j2"
security_fail2ban_custom_configuration_template: "jail.local.j2"

In this case only the line

src: fail2ban.local.j2

needs to be changed to

src: "{{ security_fail2ban_custom_fail2ban_local_template }}"

in file tasks/fail2ban.yml

@PascalKont PascalKont Dec 7, 2025

I think this creates unnecessary confusion, or rather continues the existing confusion in the variable names.
How about creating two new variables, without the custom in the name and removing the old vars content:

Suggested change
security_fail2ban_custom_configuration_template: "fail2ban.local.j2"
security_fail2ban_jail_template: "jail.local.j2"
security_fail2ban_configuration_template: "fail2ban.local.j2"
# Deprecated variable, please dont't use it anymore:
# security_fail2ban_custom_configuration_template: "jail.local.j2"

Finally, adding a deprecation warning task, which at some point could be changed to be a fail:

- name: Assert for deprecated variable
  assert:
    quiet: true
    that:
      - security_fail2ban_custom_configuration_template is not defined
    fail_msg: |
      [DEPRECATION WARNING]: security_fail2ban_custom_configuration_template is deprecated
      Origin: {{ role_path }}

      Use `security_fail2ban_jail_template` instead.
  ignore_errors: true
  register: deprecated_variable

- name: Set value of deprecated_variable into correct variable
  set_fact:
    security_fail2ban_jail_template: "{{ security_fail2ban_custom_configuration_template }}"
  when:
    - deprecated_variable.failed is true

I have implemented this in my branch here
