Progress on Issue #2: Ansible Base Configuration

Completed:
- ✅ Ansible installed via pipx (isolated Python environment)
- ✅ Hetzner Cloud dynamic inventory configured
- ✅ Ansible configuration (ansible.cfg)
- ✅ Common role for base system hardening:
  - SSH hardening (key-only, no root password)
  - UFW firewall configuration
  - Fail2ban for SSH protection
  - Automatic security updates
  - Timezone and system packages
- ✅ Comprehensive Ansible README with setup guide

Architecture Updates:
- Added Decision #15: pipx for isolated Python environments
- Updated ADR changelog with pipx adoption

Still TODO for #2:
- Docker role
- Traefik role
- Setup playbook
- Deploy playbook
- Testing against live server

Files added:
- ansible/README.md - Complete Ansible guide
- ansible/ansible.cfg - Ansible configuration
- ansible/hcloud.yml - Hetzner dynamic inventory
- ansible/roles/common/* - Base hardening role

Partial progress on #2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
18 lines
425 B
Django/Jinja
# Fail2ban configuration
# Managed by Ansible - do not edit manually

[DEFAULT]
bantime = {{ common_fail2ban_bantime }}
findtime = {{ common_fail2ban_findtime }}
maxretry = {{ common_fail2ban_maxretry }}

# Email notifications (disabled by default)
# destemail = root@localhost
# sendername = Fail2Ban
# mta = sendmail

[sshd]
enabled = true
port = {{ common_ssh_port }}
logpath = %(sshd_log)s
backend = %(sshd_backend)s
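Review bot: [DEFAULT] sets bantime, findtime and maxretry but has no ignoreip entry, so the host that runs the playbooks or an administrator's address can be banned from SSH by its own failed logins. Consider an optional ignoreip line in [DEFAULT] driven by a role variable (for example a hypothetical common_fail2ban_ignoreip list, not something this commit defines), rendered only when the list is non-empty. The template also leaves banaction unset, so bans go through the distribution's default action rather than through the UFW firewall that the commit message says this role configures; stating the intended banaction explicitly would make that interaction deliberate. As a style point, the hand-written header "# Managed by Ansible - do not edit manually" could use {{ ansible_managed }} so the marker stays consistent across the role's templates.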