Initial commit after history reset

Nathan Price 2025-01-19 03:10:39 -05:00
commit 2052520a90
Signed by: gravityfargo
SSH key fingerprint: SHA256:bjq+uA1U+9bFMd70q2wdNtwaYxGv84IBXalnYvZDKmg
18 changed files with 1223 additions and 0 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
.obsidian/

@ -0,0 +1,115 @@
---
title: bluesky-pds
draft: false
date: 2025-01-18
---
| | |
| ---------------------------- | ---------------------------------------------------------------------------------------------- |
| Official bluesky-pds project | [GitHub - bluesky-social/pds](https://github.com/bluesky-social/pds) |
| Image on Forgejo | [Forgejo](https://code.modernleft.org/gravityfargo/-/packages/container/bluesky-pds/latest) |
| Image on Dockerhub | [Dockerhub](https://hub.docker.com/r/gravityfargo/bluesky-pds) |
| Image Source | [Forgejo](https://code.modernleft.org/gravityfargo/bluesky-pds-docker) |
| Issue Tracker | [GitHub - gravityfargo/bluesky-pds-docker](https://github.com/gravityfargo/bluesky-pds-docker) |
```bash
docker pull code.modernleft.org/gravityfargo/bluesky-pds:latest
```
---
A self-contained Docker image for the [Bluesky PDS (Personal Data Server) ](https://github.com/bluesky-social/pds) for use with Traefik. This image is pinned to v0.4.74.
It is required to run the instance behind a proxy (like [Traefik](https://doc.traefik.io/traefik/)) to generate SSL certificates. This will not work otherwise. The standard pds install includes caddy to handle this. A wildcard DNS assignment along with a wildcard SSL certificate is required. I use Cloudflare for this, see the screenshot below.
This is not intended for production, and I am not responsible for any data loss or security issues. This is a personal project, and I am not affiliated with Bluesky.
> [!warning] Data Warning
> Before changing images, upgrading, or any other modification always backup your data!
### Requirements
I haven't verified these are the minimum requirements, but they are what I found to be necessary during development. I probably had some dependencies installed already.
#### Manjaro/Arch
```bash
sudo pacman -S jq
```
#### Debian/Ubuntu
```bash
sudo apt install make xxd
```
### Setup
Generate secrets and add them to `.env` file.
See [example.env](https://code.modernleft.org/gravityfargo/bluesky-pds-docker/src/branch/main/example.env) as an example.
```bash
# Generate secret environment variables
echo PDS_ADMIN_PASSWORD: $(openssl rand --hex 16)
echo PDS_JWT_SECRET: $(openssl rand --hex 16)
echo PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: $(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)
```
### Docker Compose Setup
Full list of additional Environment Variables provided by bluesky upstream can be found in the
[packages/pds/src/config/env.ts](https://github.com/bluesky-social/atproto/blob/main/packages/pds/src/config/env.ts)
If you'd like to learn more about my docker setup, head over to [[getting started|Docker - Getting Started]]
By default, the image uses 1000:1000 as the UID:GID for the user. This can be changed by setting the `PUID` and `PGID` environment variables.
The compose element `hostname` must be the same value as `PDS_HOSTNAME`.
![[traefik]]
Optionally, you can use the [[middleware|BlueskyHeaders]] middleware to set headers.
---
I do not run this, but it should be possible.
![[standalone]]
### Running Commands
Nothing has changed in this department, other than not needing `sudo`. The commands are the same as the upstream project. Such as
- [Creating an account using pdsadmin](https://github.com/bluesky-social/pds?tab=readme-ov-file#creating-an-account-using-pdsadmin)
- [Creating an account using an invite code](https://github.com/bluesky-social/pds?tab=readme-ov-file#creating-an-account-using-an-invite-code)
```bash
docker exec -it bluesky-pds bash
pdsadmin account create
pdsadmin create-invite-code
```
> [!danger] Update Warning
> Do not under any circumstances update the image using `pdsadmin update`. I have not tested this, and it may break the image. Submit an
> [issue to my repository](https://github.com/gravityfargo/bluesky-pds-docker) requesting an update,
> and I will update this image and pin the pds to the new version.
### Cloudflare DNS
After various testing, I have figured out two things.
1. In order for email verification to work, you cannot have the DNS Proxy enabled or `AAAA` records active.
2. After you have verified emails, and do not intend to use the email feature, you can re-enable the DNS Proxy and `AAAA` records.
![[cloudflare.png]]
## SMTP
I use protonmail for my SMTP server. You can use any SMTP server you like, but I figured I'd share this information.
These are the environment variables I use.
```
PDS_EMAIL_SMTP_URL: smtp://user@example.com:TOKEN@smtp.protonmail.ch:587/
PDS_EMAIL_FROM_ADDRESS: user@example.com
```
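Review bot: The `docker pull` line uses `bluesky-pds:latest`, while the description says the image is pinned to v0.4.74 and the update warning tells readers not to upgrade in place, so pulling `latest` moves them to whatever image is published next. Show a version tag or digest in the pull command and in the compose files. In the Setup block, the three `echo` lines print `NAME: value`, which is compose YAML syntax rather than the `NAME=value` form a `.env` file needs, and the Requirements section never lists `openssl`, which those commands call.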

Binary file not shown (size: 22 KiB).

@ -0,0 +1,21 @@
#### Middleware
I think file configs are cleaner than having a billion labels. This is not required, but it's nice to have.
```yaml
# middleware.yaml
http:
middlewares:
BlueskyHeaders:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
- POST
- DELETE
accessControlAllowHeaders: "*"
accessControlAllowOriginList: "*"
addVaryHeader: true
stsSeconds: 63072000
```
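Review bot: `accessControlAllowOriginList: "*"` together with `accessControlAllowHeaders: "*"` tells browsers that any origin may make cross-origin requests with any request header, and the text gives no reason for it. Say why the PDS needs a wildcard here, or list the client origins that are expected. Both options are lists in Traefik's headers middleware, so write them the same way as `accessControlAllowMethods`. `stsSeconds: 63072000` is a two-year HSTS policy; mention that it is hard to walk back once browsers have cached it.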

@ -0,0 +1,24 @@
```yaml title="docker-compose.yml"
# Standalone, you'll need to add a proxy in front of this with SSL.
services:
bluesky-pds:
container_name: bluesky-pds
hostname: example.com
extra_hosts:
- "example.com:0.0.0.0" # domain:external_ip
image: code.modernleft.org/gravityfargo/bluesky-pds:latest
environment:
# Define variables here or in a .env file
PDS_JWT_SECRET: ...
PDS_ADMIN_PASSWORD: ...
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ...
PDS_HOSTNAME: example.com
PDS_EMAIL_SMTP_URL: ""
PDS_EMAIL_FROM_ADDRESS: ""
PUID: 1000
PGID: 1001
volumes:
- ./bluesky-pds:/pds
```
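Review bot: The `environment:` block invites readers to put `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD` and `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX` directly in `docker-compose.yml`, a file that usually ends up in version control. Show `env_file: .env` instead (the README already has readers generate a `.env`) and keep only non-secret values inline. Also, `PGID: 1001` does not match the 1000:1000 default the README describes, and `0.0.0.0` in `extra_hosts` should be called out as a placeholder more clearly than the `# domain:external_ip` comment does.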

@ -0,0 +1,41 @@
---
title: bluesky-pds
draft: false
date: 2025-01-18
---
```yaml title="docker-compose.yml"
# Traefik Proxy
services:
bluesky-pds:
container_name: bluesky-pds
image: code.modernleft.org/gravityfargo/bluesky-pds:latest
hostname: example.com
extra_hosts:
- "example.com:0.0.0.0" # domain:external_ip
networks:
- proxy
environment:
# Define variables here or in a .env file
PDS_JWT_SECRET: ...
PDS_ADMIN_PASSWORD: ...
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ...
PDS_HOSTNAME: example.com
PDS_EMAIL_SMTP_URL: smtps://resend:<your api key here>@smtp.resend.com:465/
PDS_EMAIL_FROM_ADDRESS: admin@example.com
PUID: 1000
PGID: 1001
volumes:
- ./bluesky-pds:/pds
labels:
traefik.enable: "true"
traefik.http.routers.bluesky-pds-insecure.entrypoints: http
traefik.http.routers.bluesky-pds-insecure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.com`)
# traefik.http.routers.bluesky-pds-insecure.middlewares: BlueskyHeaders@file
traefik.http.routers.bluesky-pds-secure.entrypoints: https
traefik.http.routers.bluesky-pds-secure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.com`)
traefik.http.routers.bluesky-pds-secure.tls: "true"
traefik.http.services.bluesky-pds.loadbalancer.server.scheme: http
traefik.http.services.bluesky-pds.loadbalancer.server.port: 3000
# traefik.http.routers.bluesky-pds-secure.middlewares: BlueskyHeaders@file
```
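Review bot: The `bluesky-pds-insecure` router matches the same hosts on the `http` entrypoint and has no redirect middleware, so the PDS is reachable over plain HTTP. Either drop that router or attach a redirect-to-HTTPS middleware to it, and say so in a comment if plain HTTP is intentional. The front matter at the top (`title: bluesky-pds`) duplicates the README's title even though this file is only embedded via `![[traefik]]`, and `PDS_EMAIL_SMTP_URL` shows a different provider (resend) than the protonmail example in the README.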

113
Docker Images/quartz.md Normal file

@ -0,0 +1,113 @@
---
title: quartz
draft: false
date: 2025-01-16
---
| | |
| ----------------------- | ---------------------------------------------------------------------------------------------- |
| Image on Forgejo | [Forgejo](https://code.modernleft.org/gravityfargo/-/packages/container/quartz-docker/v4.4.0) |
| Official quartz project | [GitHub - jackyzha0/quartz](https://github.com/jackyzha0/quartz) |
| Image Source | [Forgejo - gravityfargo/quartz-docker](https://code.modernleft.org/gravityfargo/quartz-docker) |
| Issue Tracker | |
```bash
docker pull code.modernleft.org/gravityfargo/quartz-docker:v4.4.0
```
---
This project runs Quartz v4.4.0, a fast, batteries-included static site generator, inside a Docker container. It transforms Markdown content into a fully functional website.
While Quartz provides [Docker support](https://quartz.jzhao.xyz/features/Docker-Support), it is not as self contained as this project.
There is no support for SSL or any other features that are not directly related to building the site. I run everything behind traefik, so I don't need it.
## 🐳 Docker Compose Setup
Create a data directory
```bash
mkdir -p /srv/quartz
```
```yaml title="docker-compose.yml"
services:
quartz-wiki:
container_name: quartz-wiki
image: code.modernleft.org/gravityfargo/quartz-docker:dev
ports:
- 80:80
environment:
USER_ID: 1000
GROUP_ID: 1001
SERVER_NAME: "docs.modernleft.org"
ENABLE_CRON: "true"
BUILD_SCHEDULE: "*/30 * * * *"
CONTENT_REPO: "https://code.modernleft.org/gravityfargo/modernleft-docs.git"
volumes:
- /srv/quartz:/quartz
```
**First Run**
```bash
docker-compose up -d
docker stop quartz-wiki
```
On first run, the container will download the necessary dependencies, build the site, and download the content repository.
After that, you can configure whatever you would like in `/srv/quartz/src` using the stock options found in the quartz [documentation](https://quartz.jzhao.xyz/configuration) Bare minimum should be `baseUrl` and `pageTitle`.
🥳 Done! 🎉
## Manually Building the Site
If you don't use the cron job, and don't feel like restarting the container, you can build the site manually.
```bash
docker exec -it quartz-wiki bash
#
cd /quartz/content/ && git restore . && git pull
cd /quartz/src/ && npx quartz build
```
## ⚙️ Configuration
**cron**
This is the an equivalent command to the cron job.
```bash
cd /quartz/content
git restore .
git pull
cd /quartz/src &
npx quartz build
echo 'Content Updated.'
```
Setting `ENABLE_CRON` to `true` and defining `BUILD_SCHEDULE` performs these actions.
If you need help configuring [Crontab.guru - The cron schedule expression generator](https://crontab.guru/) is a useful tool for that
Example:
```yaml
environment:
ENABLE_CRON: "true"
BUILD_SCHEDULE: "*/1 * * * *" # Runs every minute
```
### Environment Variables
| Variable | Description | Default Value |
| -------------------- | ---------------------------------------------------- | ---------------------------------------------------- |
| `USER_ID`/`GROUP_ID` | UID/GID that` /quartz` will be chown'd to on startup | `1000`:`1000` |
| `NGINX_PORT` | Port for the Nginx server | `80` |
| `SERVER_NAME` | NGINX server name | `quartz.zhao.xyz` |
| `ENABLE_CRON` | Enables scheduled builds (`true` or `false`) | `false` |
| `BUILD_SCHEDULE` | Cron expression for scheduling site builds | `"*/10 * * * *"` every 10 min |
| `CONTENT_REPO` | URL of the content repository | `https://code.modernleft.org/gravityfargo/empty.git` |
> [!NOTE] > `CONTENT_REPO` Must use https, not git.
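Review bot: In the cron-equivalent block, `cd /quartz/src &` backgrounds the `cd`, so `npx quartz build` runs from `/quartz/content` instead of `/quartz/src`; it should be `&&` (or a plain newline) as in the manual build commands above it. The compose example uses the `:dev` tag while the pull command and description say `v4.4.0`; use the same tag in both. The `SERVER_NAME` default `quartz.zhao.xyz` looks like a typo for the `quartz.jzhao.xyz` domain linked earlier, and `git restore .` silently discards edits made inside `/quartz/content`, which deserves a sentence.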

@ -0,0 +1,33 @@
---
title: Developing with Quartz
draft: false
date: 2025-01-17
---
This container is also good for quickly developing components for Quartz. It is a good way to test things out without having to install anything on your local machine, and a simple `make run` -> `ctrl-c` -> `up arrow` -> `enter` is all you need to see your changes.
I keep all of my projects in `~/Repositories`, so I would do this:
Link my primary development folder to the container repo's source folder:
```bash
cd ~/Repositories
git clone git@git.modernleft.org:gravityfargo/quartz-docker.git
git clone git@github.com:jackyzha0/quartz.git
```
Then mount the quartz directory to the development docker-compose file:
```yaml
volumes:
- ~/Repositories/quartz:/quartz/src
```
Then, you can run the container with the following command:
```bash
cd ~/Repositories/quartz-docker
make run
```
If 200+ files are claiming to be modified, you may need to disable filemode checking:
```bash
git config core.fileMode false
```
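Review bot: The first clone URL uses `git.modernleft.org`, while the quartz and bluesky-pds pages in this commit point to `code.modernleft.org`; confirm which host serves SSH. The sentence "Link my primary development folder to the container repo's source folder" is followed by two `git clone` commands rather than a link step, so reword it to match what the commands do.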

@ -0,0 +1,17 @@
---
title: Proxy Network
draft: true
date: 2025-01-18
---
```json title="/etc/docker/daemon.json"
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:1::/64"
}
```
```bash
sudo systemctl reboot
docker network create --subnet=192.168.1.0/24 --ipv6 --attachable proxy
```
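Review bot: `fixed-cidr-v6` is set to `2001:db8:1::/64`, which sits in the IPv6 documentation range and will not route; label it as a placeholder for the reader's own prefix. `sudo systemctl reboot` restarts the whole host to apply `daemon.json`, where restarting the Docker service is enough. The `docker network create` line passes `--ipv6` with only an IPv4 `--subnet`, so state which IPv6 range the network is expected to get, and note that `192.168.1.0/24` is a range many home LANs already use.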

@ -0,0 +1,5 @@
---
title: Getting Started
draft: true
date: 2025-01-18
---
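Review bot: This page is front matter only and marked `draft: true`, but the published bluesky-pds page links to it as `[[getting started|Docker - Getting Started]]`. Either add the content before that link goes live or remove the link until the page exists.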

@ -0,0 +1,23 @@
---
title: CloudFlare
draft: true
date: 2025-01-18
---
Disable:
- Always Use HTTPS
- Automatic HTTPS Rewrites
Enable:
- gRPC
- Pseudo IPv4 (headers)
If you have A and AAAA then the plugin `github.com/Paxxs/traefik-get-real-ip`
192.168.1.20 - - [19/Jan/2025:01:01:32 +0000] "GET /static/contentIndex.json HTTP/1.1" 304 0 "[https://docs.modernleft.org/"](https://docs.modernleft.org/"); "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" "2603:7080:f400:ed43:939f:266:9bef:e628, 172.71.255.28"
192.168.1.20 - proxy
172.71.255.28 - cloudflare ipv4
2603:7080:f400:ed43:939f:266:9bef:e628 - the actual user's ip
"Pseudo IPv4" is needed for this
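Review bot: The pasted access-log line and the three lines under it commit what is labelled "the actual user's ip", plus that visitor's user agent, to the docs repository. Replace them with documentation addresses (for example from `2001:db8::/32` and `192.0.2.0/24`) before this leaves draft. The sentence starting "If you have A and AAAA then the plugin" never finishes, and the Disable/Enable lists give no reasons, which matters for "Always Use HTTPS" because turning it off removes the redirect away from plain HTTP at the edge.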

21
index.md Normal file

@ -0,0 +1,21 @@
---
title: Home
draft: false
date: 2025-01-16
---
Welcome to the ModernLeft Documentation!
This is a consolidated wiki for most of my projects.
---
## Docker Containers
### [[quartz]]
Simply [quartz](https://quartz.jzhao.xyz/), in a docker container. This wiki is running on it.
### [[bluesky-pds]]
A self-contained Docker image for the [Bluesky PDS (Personal Data Server)](https://github.com/bluesky-social/pds) for use with Traefik.

6
templates/primary.md Normal file
View file

@ -0,0 +1,6 @@
---
title: ModernLeft - CHANGEME
draft: false
date: <% tp.file.creation_date("YYYY-MM-DD") %>
---

@ -0,0 +1,96 @@
---
title: fail2ban-manager
draft: true
date: 2025-01-16
---
An extensible CLI tool for managing [fail2ban](https://github.com/fail2ban/fail2ban).
- [Introduction](#introduction)
- [Working with Jails](#working-with-jails)
- [Plugins](#plugins)
- [Cloudflare](#cloudflare)
- [Plugin: Hetzner](#plugin-hetzner)
- [Plugin: Telegram](#plugin-telegram)
- [Credits](#credits)
## Introduction
Source Code hosted on my [Forgejo instance](https://forgejo.gravityfargo.dev/gravityfargo/fail2ban-manager). Registration is enabled for the public with GitHub via Authentik.
Any issues and feature requests can be submitted here on GitHub.
This tool is designed to make managing fail2ban easier without the need to edit configuration files. It is designed to be extensible via plugins, and easy to use.
## Working with Jails
## Plugins
### Cloudflare
> Ban an IP address using IP Rules in [Cloudflare WAF](https://developers.cloudflare.com/waf/tools/ip-access-rules/create/). Jails are configured create rules in a specific DNS zone. Bans are cached in a database for fail2ban's check action to use.
| Notes | |
| -------------------- | ----------------------------------------------------------------- |
| Typer generated docs | [Link](man/cloudflare.md) |
| Provided via | [Officicial SDK](https://github.com/cloudflare/cloudflare-python) |
---
https://github.com/Paxxs/traefik-get-real-ip
| Variable | Purpose |
| ---------------------- | ----------------------------------------- |
| `CLOUDFLARE_EMAIL` | Email address for Cloudflare account |
| `CLOUDFLARE_API_TOKEN` | Token with permissions to manage IP Rules |
1. Enable the Cloudflare plugin
```bash
f2bm plugin enable cloudflare
```
1. Create an [API Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/)
2. Get the [Zone ID](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) from Cloudflare and create a zone in the database
```bash
f2bm cloudflare create-zone 11111111111111111111111111111111 example.com
```
### Plugin: Hetzner
> Whitelist ip addresses in the [Hetzner](https://www.hetzner.com/) cloud firewall, and bulk whitelist Cloudflare IP addresses.
| Notes | |
| -------------------- | --------------------------------------------------------------- |
| Typer generated docs | [Link](man/hetzner.md) |
| Provided via | [Officicial SDK](https://github.com/hetznercloud/hcloud-python) |
---
1. Enable the Hetzner plugin
```bash
f2bm plugin enable hetzner
```
2. Create an [API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/)
### Plugin: Telegram
> Send a message to a Telegram chat. Custom messages per-jail are supported as well as seperate groups for each jail.
| Notes | |
| -------------------- | ----------------------------------------------------------------- |
| Typer generated docs | [Link](man/telegram.md) |
| Provided via | [Rest API](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) |
---
## Credits
- [Typer](https://github.com/fastapi/typer), build great CLIs. Easy to code. Based on Python type hints.
- [Rich](https://github.com/Textualize/rich) is a Python library for rich text and beautiful formatting in the terminal.
- [envoyer](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) Stupid simple notifications library. (My Project)
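Review bot: `CLOUDFLARE_API_TOKEN` is described only as a "Token with permissions to manage IP Rules"; name the exact permission and recommend scoping the token to the single zone passed to `create-zone`, so a leaked token cannot touch other zones. `CLOUDFLARE_EMAIL` should say whether it is still needed when an API token is used. Smaller points: the bare `https://github.com/Paxxs/traefik-get-real-ip` line has no explanation, the setup steps are numbered 1, 1, 2, "here on GitHub" has no link, the examples use `f2bm` while the man pages use `fail2ban-manager`, and "Officicial", "seperate" and "are configured create rules" need fixing.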

@ -0,0 +1,274 @@
---
title: fail2ban-manager plugin
draft: true
date: 2025-01-16
---
**Usage**:
```console
$ fail2ban-manager [OPTIONS] COMMAND [ARGS]...
```
**Options**:
- `--install-completion`: Install completion for the current shell.
- `--show-completion`: Show completion for the current shell, to copy it or customize the installation.
- `--help`: Show this message and exit.
**Commands**:
- `jail`: Configure Fail2ban jails.
- `config`: Configure fail2ban-manager's configuration.
- `plugin`: Configure fail2ban-manager's plugins.
## `fail2ban-manager jail`
Configure Fail2ban jails.
**Usage**:
```console
$ fail2ban-manager jail [OPTIONS] COMMAND [ARGS]...
```
**Options**:
- `--help`: Show this message and exit.
**Commands**:
- `ls`: List all defined jails.
- `enable`: Enable a jail.
- `disable`: Disable a jail.
- `info`: Display information about a jail.
- `edit`: Edit the properties of a jail.
### `fail2ban-manager jail ls`
List all defined jails.
**Usage**:
```console
$ fail2ban-manager jail ls [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
### `fail2ban-manager jail enable`
Enable a jail.
**Usage**:
```console
$ fail2ban-manager jail enable [OPTIONS] NAME
```
**Arguments**:
- `NAME`: [required]
**Options**:
- `--help`: Show this message and exit.
### `fail2ban-manager jail disable`
Disable a jail.
**Usage**:
```console
$ fail2ban-manager jail disable [OPTIONS] NAME
```
**Arguments**:
- `NAME`: [required]
**Options**:
- `--help`: Show this message and exit.
### `fail2ban-manager jail info`
Display information about a jail.
**Usage**:
```console
$ fail2ban-manager jail info [OPTIONS] NAME
```
**Arguments**:
- `NAME`: [required]
**Options**:
- `--help`: Show this message and exit.
### `fail2ban-manager jail edit`
Edit the properties of a jail.
**Usage**:
```console
$ fail2ban-manager jail edit [OPTIONS] NAME
```
**Arguments**:
- `NAME`: Name of the jail. [required]
**Options**:
- `--backend TEXT`: The backend used to get file modifications.
Options: .
- `--bantime-increment`: Enable searching previously banned IPs to increment the ban time.
- `--bantime-rndtime INTEGER`: Add random time (in seconds) to the calculated ban time.
- `--bantime-maxtime INTEGER`: Maximum ban time (in seconds) that can be reached.
- `--bantime-factor FLOAT`: Factor used for exponential growth of ban time.
- `--bantime-formula TEXT`: Custom formula for calculating the next ban time.
- `--bantime-multipliers TEXT`: Custom multipliers for calculating the next ban time (e.g., 1 5 30 60).
- `--bantime-overalljails`: Search for banned IPs across all jails (default: false).
- `--ignoreself`: Ignore local/own IP addresses (default: true).
- `--ignoreip TEXT`: List of IPs, CIDR masks, or DNS hosts to ignore.
Example: &quot;127.0.0.1/8 ::1&quot;
- `--ignorecommand TEXT`: Command to dynamically determine if an IP should be ignored.
- `--bantime TEXT`: Duration for which a host is banned (e.g., 10m, 1h).
- `--findtime TEXT`: Time window for counting failed attempts before a ban (e.g., 10m).
- `--maxretry INTEGER`: Number of failed attempts allowed before a ban is triggered.
- `--maxmatches INTEGER`: Maximum number of stored matches for actions (defaults to maxretry).
- `--protocol TEXT`: Protocol to be banned (default: tcp).
- `--port TEXT`: Ports to ban (e.g., 0:65535 to ban all ports).
- `--chain TEXT`: Specify the chain where jumps will be added for ban actions.
- `--usedns TEXT`: Behavior for DNS lookups (yes, warn, no, raw).
- `--logencoding TEXT`: Encoding of the log files (e.g., utf-8, ascii, auto).
- `--action TEXT`: Default action for banning.
EX: action\_, action_mw, action_mwl, action_xarf, action_cf_mwl, action_abuseipdb
multiple values can be specified.
`--action action_ --action action_mw`
- `--mta TEXT`: Mail Transfer Agent (e.g., sendmail).
- `--sender TEXT`: Sender email address for notifications.
- `--destemail TEXT`: Destination email address for notifications.
- `--fail2ban-agent TEXT`: User-agent format for Fail2Ban.
- `--delete TEXT`: Delete an option from the jail.
Example: `--delete bantime`
- `--help`: Show this message and exit.
## `fail2ban-manager config`
Configure fail2ban-manager's configuration.
**Usage**:
```console
$ fail2ban-manager config [OPTIONS] COMMAND [ARGS]...
```
**Options**:
- `--help`: Show this message and exit.
**Commands**:
- `reset`: Copy default configurations from `*.conf`...
### `fail2ban-manager config reset`
Copy default configurations from `*.conf` to `*.local` and json files.
**Usage**:
```console
$ fail2ban-manager config reset [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager plugin`
Configure fail2ban-manager's plugins.
**Usage**:
```console
$ fail2ban-manager plugin [OPTIONS] COMMAND [ARGS]...
```
**Options**:
- `--help`: Show this message and exit.
**Commands**:
- `ls`: List installed plugins.
- `enable`: Enable a plugin.
- `disable`: Disable a plugin.
### `fail2ban-manager plugin ls`
List installed plugins.
**Usage**:
```console
$ fail2ban-manager plugin ls [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
### `fail2ban-manager plugin enable`
Enable a plugin.
**Usage**:
```console
$ fail2ban-manager plugin enable [OPTIONS] PLUGIN_NAME
```
**Arguments**:
- `PLUGIN_NAME`: [required]
**Options**:
- `--help`: Show this message and exit.
### `fail2ban-manager plugin disable`
Disable a plugin.
**Usage**:
```console
$ fail2ban-manager plugin disable [OPTIONS] PLUGIN_NAME
```
**Arguments**:
- `PLUGIN_NAME`: [required]
**Options**:
- `--help`: Show this message and exit.
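Review bot: Under `jail edit`, the `--backend` help reads "Options: ." with the list of values missing, and the `--ignoreip` example contains raw `&quot;` entities, so fix the source docstrings and regenerate rather than editing this file by hand. The front matter title "fail2ban-manager plugin" is also misleading for the page that documents the base CLI.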

@ -0,0 +1,113 @@
---
title: fail2ban-manager plugin - cloudflare
draft: true
date: 2025-01-16
---
**Usage**:
```console
$ fail2ban-manager cloudflare [OPTIONS] COMMAND [ARGS]...
```
**Options**:
- `--help`: Show this message and exit.
**Commands**:
- `zones`: List configured zones
- `zone-info`: Show information about a zone.
- `create-zone`: Create a new zone in the database.
- `check-ip`: Check if an IP is banned based on rules...
- `ban`: Check if an IP is banned based on rules...
## `fail2ban-manager cloudflare zones`
List configured zones
**Usage**:
```console
$ fail2ban-manager cloudflare zones [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager cloudflare zone-info`
Show information about a zone.
This command will pull the rules from Cloudflare and update the database as well as display the rules in a table.
**Usage**:
```console
$ fail2ban-manager cloudflare zone-info [OPTIONS] ZONE_ID
```
**Arguments**:
- `ZONE_ID`: [required]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager cloudflare create-zone`
Create a new zone in the database.
**Usage**:
```console
$ fail2ban-manager cloudflare create-zone [OPTIONS] ZONE_ID NAME
```
**Arguments**:
- `ZONE_ID`: [required]
- `NAME`: [required]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager cloudflare check-ip`
Check if an IP is banned based on rules cached in the database.
**Usage**:
```console
$ fail2ban-manager cloudflare check-ip [OPTIONS] IP
```
**Arguments**:
- `IP`: IP Address to check [required]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager cloudflare ban`
Check if an IP is banned based on rules cached in the database.
**Usage**:
```console
$ fail2ban-manager cloudflare ban [OPTIONS] ZONE_ID IP
```
**Arguments**:
- `ZONE_ID`: [required]
- `IP`: IP Address to ban [required]
**Options**:
- `--help`: Show this message and exit.
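Review bot: `ban` carries the same description as `check-ip` ("Check if an IP is banned based on rules cached in the database.") in both the command list and its own section; it should describe banning `IP` in `ZONE_ID`. The command list also has no unban counterpart, so document how a ban is lifted when fail2ban's unban action fires, or note that it is not implemented yet.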

@ -0,0 +1,176 @@
---
title: fail2ban-manager plugin - hetzner
draft: true
date: 2025-01-16
---
**Usage**:
```console
$ fail2ban-manager hetzner [OPTIONS] COMMAND [ARGS]...
```
**Options**:
- `--help`: Show this message and exit.
**Commands**:
- `info`: Check the status of the Hetzner plugin.
- `update`: Update the configuration.
- `reset`: Reset the configuration to defaults.
- `token`: Set Hetzner API token.
- `firewall-info`: Pull the firewalls from the server.
- `whitelist`: Whitelist an IP address.
- `whitelist-cloudflare`: Whitelist Cloudflare IP addresses.
- `delete-rule`: Delete a firewall rule.
## `fail2ban-manager hetzner info`
Check the status of the Hetzner plugin.
**Usage**:
```console
$ fail2ban-manager hetzner info [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager hetzner update`
Update the configuration.
**Usage**:
```console
$ fail2ban-manager hetzner update [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager hetzner reset`
Reset the configuration to defaults.
**Usage**:
```console
$ fail2ban-manager hetzner reset [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager hetzner token`
Set Hetzner API token.
Warning: If token_str is specified, it will be save in plaintext in the database.
**Usage**:
```console
$ fail2ban-manager hetzner token [OPTIONS] [TOKEN_STR]
```
**Arguments**:
- `[TOKEN_STR]`: The Hetzner API token.
**Options**:
- `--use-env`: Use the `HETZNER_TOKEN` environment variable.
- `--help`: Show this message and exit.
## `fail2ban-manager hetzner firewall-info`
Pull the firewalls from the server.
**Usage**:
```console
$ fail2ban-manager hetzner firewall-info [OPTIONS] FIREWALL_ID
```
**Arguments**:
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager hetzner whitelist`
Whitelist an IP address.
## Examples
fail2ban-manager hetzner whitelist &lt;FIREWALLID&gt; --self
fail2ban-manager hetzner whitelist &lt;FIREWALLID&gt; &lt;IP&gt;
**Usage**:
```console
$ fail2ban-manager hetzner whitelist [OPTIONS] FIREWALL_ID [IP] [PORT]
```
**Arguments**:
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
- `[IP]`: An IP to whitelist.
- `[PORT]`: any, 443, 80-85 [default: any]
**Options**:
- `--self`: Whitelist the External IP of the current machine.
- `--help`: Show this message and exit.
## `fail2ban-manager hetzner whitelist-cloudflare`
Whitelist Cloudflare IP addresses.
**Usage**:
```console
$ fail2ban-manager hetzner whitelist-cloudflare [OPTIONS] FIREWALL_ID [PORT]
```
**Arguments**:
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
- `[PORT]`: any, 443, 80-85 [default: 443]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager hetzner delete-rule`
Delete a firewall rule.
## Examples
fail2ban-manager hetzner delete-rule &lt;FIREWALLID&gt; &quot;fail2ban-manager whitelist - &lt;PORT&gt;&quot;
fail2ban-manager hetzner delete-rule &lt;FIREWALLID&gt; &quot;fail2ban-manager cloudflare whitelist - &lt;PORT&gt;&quot;
**Usage**:
```console
$ fail2ban-manager hetzner delete-rule [OPTIONS] FIREWALL_ID DESCRIPTION
```
**Arguments**:
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
- `DESCRIPTION`: The description of the rule to delete. [required]
**Options**:
- `--help`: Show this message and exit.
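Review bot: `hetzner token` accepts the API token as a positional `TOKEN_STR`, which puts it in shell history and the process list in addition to the plaintext database storage the warning mentions. Lead with `--use-env` as the recommended form and state where the database lives and what file permissions it gets. `whitelist` defaults `PORT` to `any` while `whitelist-cloudflare` defaults to 443; a narrower default for `whitelist` would be safer. The Examples blocks contain raw `&lt;`, `&gt;` and `&quot;` entities, and "will be save" should be "will be saved".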

@ -0,0 +1,144 @@
---
title: fail2ban-manager plugin - telegram
draft: true
date: 2025-01-16
---
**Usage**:
```console
$ fail2ban-manager telegram [OPTIONS] COMMAND [ARGS]...
```
**Options**:
- `--install-completion`: Install completion for the current shell.
- `--show-completion`: Show completion for the current shell, to copy it or customize the installation.
- `--help`: Show this message and exit.
**Commands**:
- `ls`: List all jails with Telegram notifications.
- `add-to-jail`: Add the Telegram provider to a jail.
- `remove-from-jail`: Remove the Telegram provider from a jail.
- `edit-message`: Set the message for a specific action.
- `enable-message`: Enable a message for a specific action in...
- `send`: Send a messague to a Telegram bot.
## `fail2ban-manager telegram ls`
List all jails with Telegram notifications.
**Usage**:
```console
$ fail2ban-manager telegram ls [OPTIONS]
```
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager telegram add-to-jail`
Add the Telegram provider to a jail.
**Usage**:
```console
$ fail2ban-manager telegram add-to-jail [OPTIONS] JAILNAME TOKEN CHATID
```
**Arguments**:
- `JAILNAME`: [required]
- `TOKEN`: [env var: TELEGRAM_API_TOKEN; required]
- `CHATID`: [env var: TELEGRAM_CHAT_ID; required]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager telegram remove-from-jail`
Remove the Telegram provider from a jail.
**Usage**:
```console
$ fail2ban-manager telegram remove-from-jail [OPTIONS] JAILNAME
```
**Arguments**:
- `JAILNAME`: [required]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager telegram edit-message`
Set the message for a specific action.
**Usage**:
```console
$ fail2ban-manager telegram edit-message [OPTIONS] JAILNAME ACTION MESSAGE
```
**Arguments**:
- `JAILNAME`: [required]
- `ACTION`: The action to send a message for. [required]
- `MESSAGE`: The action to send. [required]
**Options**:
- `--help`: Show this message and exit.
## `fail2ban-manager telegram enable-message`
Enable a message for a specific action in a jail.
**Usage**:
```console
$ fail2ban-manager telegram enable-message [OPTIONS] JAILNAME
```
**Arguments**:
- `JAILNAME`: [required]
**Options**:
- `--start`: Enable message for start action.
- `--stop`: Enable message for stop action.
- `--check`: Enable message for check action.
- `--ban`: Enable message for ban action.
- `--unban`: Enable message for unban action.
- `--help`: Show this message and exit.
## `fail2ban-manager telegram send`
Send a messague to a Telegram bot.
**Usage**:
```console
$ fail2ban-manager telegram send [OPTIONS] ACTION JAILNAME [TOKEN] [CHATID]
```
**Arguments**:
- `ACTION`: The action to send a message for. [required]
- `JAILNAME`: Name of the jail sending the message [required]
- `[TOKEN]`: [env var: TELEGRAM_API_TOKEN]
- `[CHATID]`: [env var: TELEGRAM_CHAT_ID]
**Options**:
- `--ip TEXT`: IP address of the banned/unbanned IP
- `--failures INTEGER`: Number of failures before ban [default: 0]
- `--help`: Show this message and exit.
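Review bot: In `edit-message`, `MESSAGE` is described as "The action to send.", copied from `ACTION`; it should describe the message text. `add-to-jail` and `send` take `TOKEN` as a positional argument; since both already read `TELEGRAM_API_TOKEN`, show the environment-variable form in the usage so the bot token stays out of shell history. `enable-message` is summarised as enabling "a message for a specific action" but takes flags for several actions at once, and "messague" is misspelled in two places.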