commit 2052520a9007b19b89a59d2a70204b0f3bb3eb10 Author: Nathan Price Date: Sun Jan 19 03:10:39 2025 -0500 Initial commit after history reset diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f6b6248 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.obsidian/ diff --git a/Docker Images/bluesky-pds.md b/Docker Images/bluesky-pds.md new file mode 100644 index 0000000..b48d7e9 --- /dev/null +++ b/Docker Images/bluesky-pds.md 
@@ -0,0 +1,115 @@ +--- +title: bluesky-pds +draft: false +date: 2025-01-18 +--- + +| | | +| ---------------------------- | ---------------------------------------------------------------------------------------------- | +| Official bluesky-pds project | [GitHub - bluesky-social/pds](https://github.com/bluesky-social/pds) | +| Image on Forgejo | [Forgejo](https://code.modernleft.org/gravityfargo/-/packages/container/bluesky-pds/latest) | +| Image on Dockerhub | [Dockerhub](https://hub.docker.com/r/gravityfargo/bluesky-pds) | +| Image Source | [Forgejo](https://code.modernleft.org/gravityfargo/bluesky-pds-docker) | +| Issue Tracker | [GitHub - gravityfargo/bluesky-pds-docker](https://github.com/gravityfargo/bluesky-pds-docker) | + +```bash +docker pull code.modernleft.org/gravityfargo/bluesky-pds:latest +``` + +--- + +A self-contained Docker image for the [Bluesky PDS (Personal Data Server) ](https://github.com/bluesky-social/pds) for use with Traefik. This image is pinned to v0.4.74. + +It is required to run the instance behind a proxy (like [Traefik](https://doc.traefik.io/traefik/)) to generate SSL certificates. This will not work otherwise. The standard pds install includes caddy to handle this. A wildcard DNS assignment along with a wildcard SSL certificate is required. I use Cloudflare for this, see the screenshot below. + +This is not intended for production, and I am not responsible for any data loss or security issues. This is a personal project, and I am not affiliated with Bluesky. + +> [!warning] Data Warning +> Before changing images, upgrading, or any other modification always backup your data! + +### Requirements + +I haven't verified these are the minimum requirements, but they are what I found to be necessary during development. I probably had some dependencies installed already. 
+ +#### Manjaro/Arch + +```bash +sudo pacman -S jq +``` + +#### Debian/Ubuntu + +```bash +sudo apt install make xxd +``` + +### Setup + +Generate secrets and add them to `.env` file. +See [example.env](https://code.modernleft.org/gravityfargo/bluesky-pds-docker/src/branch/main/example.env) as an example. + +```bash +# Generate secret environment variables +echo PDS_ADMIN_PASSWORD: $(openssl rand --hex 16) + +echo PDS_JWT_SECRET: $(openssl rand --hex 16) + +echo PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: $(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32) +``` + +### Docker Compose Setup + +Full list of additional Environment Variables provided by bluesky upstream can be found in the +[packages/pds/src/config/env.ts](https://github.com/bluesky-social/atproto/blob/main/packages/pds/src/config/env.ts) + +If you'd like to learn more about my docker setup, head over to [[getting started|Docker - Getting Started]] + +By default, the image uses 1000:1000 as the UID:GID for the user. This can be changed by setting the `PUID` and `PGID` environment variables. +The compose element `hostname` must be the same value as `PDS_HOSTNAME`. + +![[traefik]] + +Optionally, you can use the [[middleware|BlueskyHeaders]] middleware to set headers. + +--- + +I do not run this, but it should be possible. + +![[standalone]] + +### Running Commands + +Nothing has changed in this department, other than not needing `sudo`. The commands are the same as the upstream project. 
Such as + +- [Creating an account using pdsadmin](https://github.com/bluesky-social/pds?tab=readme-ov-file#creating-an-account-using-pdsadmin) +- [Creating an account using an invite code](https://github.com/bluesky-social/pds?tab=readme-ov-file#creating-an-account-using-an-invite-code) + +```bash +docker exec -it bluesky-pds bash +pdsadmin account create +pdsadmin create-invite-code +``` + +> [!danger] Update Warning +> Do not under any circumstances update the image using `pdsadmin update`. I have not tested this, and it may break the image. Submit an +> [issue to my repository](https://github.com/gravityfargo/bluesky-pds-docker) requesting an update, +> and I will update this image and pin the pds to the new version. + +### Cloudflare DNS + +After various testing, I have figured out two things. + +1. In order for email verification to work, you cannot have the DNS Proxy enabled or `AAAA` records active. +2. After you have verified emails, and do not intend to use the email feature, you can re-enable the DNS Proxy and `AAAA` records. + +![[cloudflare.png]] + +## SMTP + +I use protonmail for my SMTP server. You can use any SMTP server you like, but I figured I'd share this information. +These are the environment variables I use. + +``` +PDS_EMAIL_SMTP_URL: smtp://user@example.com:TOKEN@smtp.protonmail.ch:587/ +PDS_EMAIL_FROM_ADDRESS: user@example.com +``` diff --git a/Docker Images/bluesky-pds/cloudflare.png b/Docker Images/bluesky-pds/cloudflare.png new file mode 100644 index 0000000..72bd5b8 Binary files /dev/null and b/Docker Images/bluesky-pds/cloudflare.png differ diff --git a/Docker Images/bluesky-pds/middleware.md b/Docker Images/bluesky-pds/middleware.md new file mode 100644 index 0000000..b4fb6b3 --- /dev/null +++ b/Docker Images/bluesky-pds/middleware.md 
@@ -0,0 +1,21 @@ +#### Middleware + +I think file configs are cleaner than having a billion labels. This is not required, but it's nice to have. + +```yaml +# middleware.yaml +http: + middlewares: + BlueskyHeaders: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - PUT + - POST + - DELETE + accessControlAllowHeaders: "*" + accessControlAllowOriginList: "*" + addVaryHeader: true + stsSeconds: 63072000 +``` diff --git a/Docker Images/bluesky-pds/standalone.md b/Docker Images/bluesky-pds/standalone.md new file mode 100644 index 0000000..8dea328 --- /dev/null +++ b/Docker Images/bluesky-pds/standalone.md @@ -0,0 +1,24 @@ + + +```yaml title="docker-compose.yml" +# Standalone, you'll need to add a proxy in front of this with SSL. +services: + bluesky-pds: + container_name: bluesky-pds + hostname: example.com + extra_hosts: + - "example.com:0.0.0.0" # domain:external_ip + image: code.modernleft.org/gravityfargo/bluesky-pds:latest + environment: + # Define variables here or in a .env file + PDS_JWT_SECRET: ... + PDS_ADMIN_PASSWORD: ... + PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ... + PDS_HOSTNAME: example.com + PDS_EMAIL_SMTP_URL: "" + PDS_EMAIL_FROM_ADDRESS: "" + PUID: 1000 + PGID: 1001 + volumes: + - ./bluesky-pds:/pds +``` diff --git a/Docker Images/bluesky-pds/traefik.md b/Docker Images/bluesky-pds/traefik.md new file mode 100644 index 0000000..3ccc628 --- /dev/null +++ b/Docker Images/bluesky-pds/traefik.md 
@@ -0,0 +1,41 @@ +--- +title: bluesky-pds +draft: false +date: 2025-01-18 +--- + +```yaml title="docker-compose.yml" +# Traefik Proxy +services: + bluesky-pds: + container_name: bluesky-pds + image: code.modernleft.org/gravityfargo/bluesky-pds:latest + hostname: example.com + extra_hosts: + - "example.com:0.0.0.0" # domain:external_ip + networks: + - proxy + environment: + # Define variables here or in a .env file + PDS_JWT_SECRET: ... + PDS_ADMIN_PASSWORD: ... + PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ... + PDS_HOSTNAME: example.com + PDS_EMAIL_SMTP_URL: smtps://resend:@smtp.resend.com:465/ + PDS_EMAIL_FROM_ADDRESS: admin@example.com + PUID: 1000 + PGID: 1001 + volumes: + - ./bluesky-pds:/pds + labels: + traefik.enable: "true" + traefik.http.routers.bluesky-pds-insecure.entrypoints: http + traefik.http.routers.bluesky-pds-insecure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.com`) + # traefik.http.routers.bluesky-pds-insecure.middlewares: BlueskyHeaders@file + traefik.http.routers.bluesky-pds-secure.entrypoints: https + traefik.http.routers.bluesky-pds-secure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.com`) + traefik.http.routers.bluesky-pds-secure.tls: "true" + traefik.http.services.bluesky-pds.loadbalancer.server.scheme: http + traefik.http.services.bluesky-pds.loadbalancer.server.port: 3000 + # traefik.http.routers.bluesky-pds-secure.middlewares: BlueskyHeaders@file +``` diff --git a/Docker Images/quartz.md b/Docker Images/quartz.md new file mode 100644 index 0000000..edec654 --- /dev/null +++ b/Docker Images/quartz.md 
@@ -0,0 +1,113 @@ +--- +title: quartz +draft: false +date: 2025-01-16 +--- + +| | | +| ----------------------- | ---------------------------------------------------------------------------------------------- | +| Image on Forgejo | [Forgejo](https://code.modernleft.org/gravityfargo/-/packages/container/quartz-docker/v4.4.0) | +| Official quartz project | [GitHub - jackyzha0/quartz](https://github.com/jackyzha0/quartz) | +| Image Source | [Forgejo - gravityfargo/quartz-docker](https://code.modernleft.org/gravityfargo/quartz-docker) | +| Issue Tracker | | + +```bash +docker pull code.modernleft.org/gravityfargo/quartz-docker:v4.4.0 +``` + +--- + +This project runs Quartz v4.4.0, a fast, batteries-included static site generator, inside a Docker container. It transforms Markdown content into a fully functional website. + +While Quartz provides [Docker support](https://quartz.jzhao.xyz/features/Docker-Support), it is not as self contained as this project. + +There is no support for SSL or any other features that are not directly related to building the site. I run everything behind traefik, so I don't need it. + +## 🐳 Docker Compose Setup + +Create a data directory + +```bash +mkdir -p /srv/quartz +``` + +```yaml title="docker-compose.yml" +services: + quartz-wiki: + container_name: quartz-wiki + image: code.modernleft.org/gravityfargo/quartz-docker:dev + ports: + - 80:80 + environment: + USER_ID: 1000 + GROUP_ID: 1001 + SERVER_NAME: "docs.modernleft.org" + ENABLE_CRON: "true" + BUILD_SCHEDULE: "*/30 * * * *" + CONTENT_REPO: "https://code.modernleft.org/gravityfargo/modernleft-docs.git" + volumes: + - /srv/quartz:/quartz +``` + +**First Run** + +```bash +docker-compose up -d +docker stop quartz-wiki +``` + +On first run, the container will download the necessary dependencies, build the site, and download the content repository. 
+ +After that, you can configure whatever you would like in `/srv/quartz/src` using the stock options found in the quartz [documentation](https://quartz.jzhao.xyz/configuration) Bare minimum should be `baseUrl` and `pageTitle`. + +🥳 Done! 🎉 + +## Manually Building the Site + +If you don't use the cron job, and don't feel like restarting the container, you can build the site manually. + +```bash +docker exec -it quartz-wiki bash +# +cd /quartz/content/ && git restore . && git pull +cd /quartz/src/ && npx quartz build +``` + +## ⚙️ Configuration + +**cron** + +This is the an equivalent command to the cron job. + +```bash +cd /quartz/content +git restore . +git pull +cd /quartz/src & +npx quartz build +echo 'Content Updated.' +``` + +Setting `ENABLE_CRON` to `true` and defining `BUILD_SCHEDULE` performs these actions. +If you need help configuring [Crontab.guru - The cron schedule expression generator](https://crontab.guru/) is a useful tool for that + +Example: + +```yaml +environment: + ENABLE_CRON: "true" + BUILD_SCHEDULE: "*/1 * * * *" # Runs every minute +``` + +### Environment Variables + +| Variable | Description | Default Value | +| -------------------- | ---------------------------------------------------- | ---------------------------------------------------- | +| `USER_ID`/`GROUP_ID` | UID/GID that` /quartz` will be chown'd to on startup | `1000`:`1000` | +| `NGINX_PORT` | Port for the Nginx server | `80` | +| `SERVER_NAME` | NGINX server name | `quartz.zhao.xyz` | +| `ENABLE_CRON` | Enables scheduled builds (`true` or `false`) | `false` | +| `BUILD_SCHEDULE` | Cron expression for scheduling site builds | `"*/10 * * * *"` every 10 min | +| `CONTENT_REPO` | URL of the content repository | `https://code.modernleft.org/gravityfargo/empty.git` | + +> [!NOTE] > `CONTENT_REPO` Must use https, not git. diff --git a/Docker Images/quartz/Developing with Quartz.md b/Docker Images/quartz/Developing with Quartz.md new file mode 100644 index 0000000..dc7fe54 
--- /dev/null +++ b/Docker Images/quartz/Developing with Quartz.md @@ -0,0 +1,33 @@ +--- +title: Developing with Quartz +draft: false +date: 2025-01-17 +--- + +This container is also good for quickly developing components for Quartz. It is a good way to test things out without having to install anything on your local machine, and a simple `make run` -> `ctrl-c` -> `up arrow` -> `enter` is all you need to see your changes. + +I keep all of my projects in `~/Repositories`, so I would do this: + +Link my primary development folder to the container repo's source folder: +```bash +cd ~/Repositories +git clone git@git.modernleft.org:gravityfargo/quartz-docker.git +git clone git@github.com:jackyzha0/quartz.git +``` + +Then mount the quartz directory to the development docker-compose file: +```yaml +volumes: +- ~/Repositories/quartz:/quartz/src +``` +Then, you can run the container with the following command: +```bash +cd ~/Repositories/quartz-docker +make run +``` + +If 200+ files are claiming to be modified, you may need to disable filemode checking: + +```bash +git config core.fileMode false +``` diff --git a/Tutorials/Docker/Proxy Network.md b/Tutorials/Docker/Proxy Network.md new file mode 100644 index 0000000..93ab31e --- /dev/null +++ b/Tutorials/Docker/Proxy Network.md @@ -0,0 +1,17 @@ +--- +title: Proxy Network +draft: true +date: 2025-01-18 +--- + +```json title="/etc/docker/daemon.json" +{ + "ipv6": true, + "fixed-cidr-v6": "2001:db8:1::/64" +} +``` + +```bash +sudo systemctl reboot +docker network create --subnet=192.168.1.0/24 --ipv6 --attachable proxy +``` diff --git a/Tutorials/Docker/getting started.md b/Tutorials/Docker/getting started.md new file mode 100644 index 0000000..131e3f6 --- /dev/null +++ b/Tutorials/Docker/getting started.md @@ -0,0 +1,5 @@ +--- +title: Getting Started +draft: true +date: 2025-01-18 +--- diff --git a/Tutorials/Traefik/CloudFlare.md b/Tutorials/Traefik/CloudFlare.md new file mode 100644 index 0000000..1236a75 --- /dev/null 
+++ b/Tutorials/Traefik/CloudFlare.md @@ -0,0 +1,23 @@ +--- +title: CloudFlare +draft: true +date: 2025-01-18 +--- + +Disable: +- Always Use HTTPS +- Automatic HTTPS Rewrites +Enable: +- gRPC +- Pseudo IPv4 (headers) + + +If you have A and AAAA then the plugin `github.com/Paxxs/traefik-get-real-ip` + +192.168.1.20 - - [19/Jan/2025:01:01:32 +0000] "GET /static/contentIndex.json HTTP/1.1" 304 0 "[https://docs.modernleft.org/"](https://docs.modernleft.org/"); "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" "2603:7080:f400:ed43:939f:266:9bef:e628, 172.71.255.28" + +192.168.1.20 - proxy +172.71.255.28 - cloudflare ipv4 +2603:7080:f400:ed43:939f:266:9bef:e628 - the actual user's ip + +"Pseudo IPv4" is needed for this \ No newline at end of file diff --git a/index.md b/index.md new file mode 100644 index 0000000..58c51e5 --- /dev/null +++ b/index.md @@ -0,0 +1,21 @@ +--- +title: Home +draft: false +date: 2025-01-16 +--- + +Welcome to the ModernLeft Documentation! + +This is a consolidated wiki for most of my projects. + +--- + +## Docker Containers + +### [[quartz]] + +Simply [quartz](https://quartz.jzhao.xyz/), in a docker container. This wiki is running on it. + +### [[bluesky-pds]] + +A self-contained Docker image for the [Bluesky PDS (Personal Data Server)](https://github.com/bluesky-social/pds) for use with Traefik. diff --git a/templates/primary.md b/templates/primary.md new file mode 100644 index 0000000..046d170 --- /dev/null +++ b/templates/primary.md @@ -0,0 +1,6 @@ +--- +title: ModernLeft - CHANGEME +draft: false +date: <% tp.file.creation_date("YYYY-MM-DD") %> +--- + diff --git a/utilities/fail2ban-manager.md b/utilities/fail2ban-manager.md new file mode 100644 index 0000000..bf9d288 --- /dev/null +++ b/utilities/fail2ban-manager.md 
@@ -0,0 +1,96 @@ +--- +title: fail2ban-manager +draft: true +date: 2025-01-16 +--- + +An extensible CLI tool for managing [fail2ban](https://github.com/fail2ban/fail2ban). + +- [Introduction](#introduction) +- [Working with Jails](#working-with-jails) +- [Plugins](#plugins) + - [Cloudflare](#cloudflare) + - [Plugin: Hetzner](#plugin-hetzner) + - [Plugin: Telegram](#plugin-telegram) +- [Credits](#credits) + +## Introduction + +Source Code hosted on my [Forgejo instance](https://forgejo.gravityfargo.dev/gravityfargo/fail2ban-manager). Registration is enabled for the public with GitHub via Authentik. + +Any issues and feature requests can be submitted here on GitHub. + +This tool is designed to make managing fail2ban easier without the need to edit configuration files. It is designed to be extensible via plugins, and easy to use. + +## Working with Jails + +## Plugins + +### Cloudflare + +> Ban an IP address using IP Rules in [Cloudflare WAF](https://developers.cloudflare.com/waf/tools/ip-access-rules/create/). Jails are configured create rules in a specific DNS zone. Bans are cached in a database for fail2ban's check action to use. + +| Notes | | +| -------------------- | ----------------------------------------------------------------- | +| Typer generated docs | [Link](man/cloudflare.md) | +| Provided via | [Officicial SDK](https://github.com/cloudflare/cloudflare-python) | + +--- + +https://github.com/Paxxs/traefik-get-real-ip + +| Variable | Purpose | +| ---------------------- | ----------------------------------------- | +| `CLOUDFLARE_EMAIL` | Email address for Cloudflare account | +| `CLOUDFLARE_API_TOKEN` | Token with permissions to manage IP Rules | + +1. Enable the Cloudflare plugin + +```bash +f2bm plugin enable cloudflare +``` + +1. Create an [API Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) +2. 
Get the [Zone ID](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) from Cloudflare and create a zone in the database + +```bash +f2bm cloudflare create-zone 11111111111111111111111111111111 example.com +``` + +### Plugin: Hetzner + +> Whitelist ip addresses in the [Hetzner](https://www.hetzner.com/) cloud firewall, and bulk whitelist Cloudflare IP addresses. + +| Notes | | +| -------------------- | --------------------------------------------------------------- | +| Typer generated docs | [Link](man/hetzner.md) | +| Provided via | [Officicial SDK](https://github.com/hetznercloud/hcloud-python) | + +--- + +1. Enable the Hetzner plugin + +```bash +f2bm plugin enable hetzner +``` + +2. Create an [API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/) + +### Plugin: Telegram + +> Send a message to a Telegram chat. Custom messages per-jail are supported as well as seperate groups for each jail. + +| Notes | | +| -------------------- | ----------------------------------------------------------------- | +| Typer generated docs | [Link](man/telegram.md) | +| Provided via | [Rest API](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) | + +--- + +## Credits + +- [Typer](https://github.com/fastapi/typer), build great CLIs. Easy to code. Based on Python type hints. + +- [Rich](https://github.com/Textualize/rich) is a Python library for rich text and beautiful formatting in the terminal. + +- [envoyer](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) Stupid simple notifications library. (My Project) diff --git a/utilities/fail2ban-manager/base.md b/utilities/fail2ban-manager/base.md new file mode 100644 index 0000000..6fa9c9b --- /dev/null +++ b/utilities/fail2ban-manager/base.md 
@@ -0,0 +1,274 @@ +--- +title: fail2ban-manager plugin +draft: true +date: 2025-01-16 +--- + +**Usage**: + +```console +$ fail2ban-manager [OPTIONS] COMMAND [ARGS]... +``` + +**Options**: + +- `--install-completion`: Install completion for the current shell. +- `--show-completion`: Show completion for the current shell, to copy it or customize the installation. +- `--help`: Show this message and exit. + +**Commands**: + +- `jail`: Configure Fail2ban jails. +- `config`: Configure fail2ban-manager's configuration. +- `plugin`: Configure fail2ban-manager's plugins. + +## `fail2ban-manager jail` + +Configure Fail2ban jails. + +**Usage**: + +```console +$ fail2ban-manager jail [OPTIONS] COMMAND [ARGS]... +``` + +**Options**: + +- `--help`: Show this message and exit. + +**Commands**: + +- `ls`: List all defined jails. +- `enable`: Enable a jail. +- `disable`: Disable a jail. +- `info`: Display information about a jail. +- `edit`: Edit the properties of a jail. + +### `fail2ban-manager jail ls` + +List all defined jails. + +**Usage**: + +```console +$ fail2ban-manager jail ls [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +### `fail2ban-manager jail enable` + +Enable a jail. + +**Usage**: + +```console +$ fail2ban-manager jail enable [OPTIONS] NAME +``` + +**Arguments**: + +- `NAME`: [required] + +**Options**: + +- `--help`: Show this message and exit. + +### `fail2ban-manager jail disable` + +Disable a jail. + +**Usage**: + +```console +$ fail2ban-manager jail disable [OPTIONS] NAME +``` + +**Arguments**: + +- `NAME`: [required] + +**Options**: + +- `--help`: Show this message and exit. + +### `fail2ban-manager jail info` + +Display information about a jail. + +**Usage**: + +```console +$ fail2ban-manager jail info [OPTIONS] NAME +``` + +**Arguments**: + +- `NAME`: [required] + +**Options**: + +- `--help`: Show this message and exit. + +### `fail2ban-manager jail edit` + +Edit the properties of a jail. 
+ +**Usage**: + +```console +$ fail2ban-manager jail edit [OPTIONS] NAME +``` + +**Arguments**: + +- `NAME`: Name of the jail. [required] + +**Options**: + +- `--backend TEXT`: The backend used to get file modifications. + +Options: . + +- `--bantime-increment`: Enable searching previously banned IPs to increment the ban time. +- `--bantime-rndtime INTEGER`: Add random time (in seconds) to the calculated ban time. +- `--bantime-maxtime INTEGER`: Maximum ban time (in seconds) that can be reached. +- `--bantime-factor FLOAT`: Factor used for exponential growth of ban time. +- `--bantime-formula TEXT`: Custom formula for calculating the next ban time. +- `--bantime-multipliers TEXT`: Custom multipliers for calculating the next ban time (e.g., 1 5 30 60). +- `--bantime-overalljails`: Search for banned IPs across all jails (default: false). +- `--ignoreself`: Ignore local/own IP addresses (default: true). +- `--ignoreip TEXT`: List of IPs, CIDR masks, or DNS hosts to ignore. + +Example: "127.0.0.1/8 ::1" + +- `--ignorecommand TEXT`: Command to dynamically determine if an IP should be ignored. +- `--bantime TEXT`: Duration for which a host is banned (e.g., 10m, 1h). +- `--findtime TEXT`: Time window for counting failed attempts before a ban (e.g., 10m). +- `--maxretry INTEGER`: Number of failed attempts allowed before a ban is triggered. +- `--maxmatches INTEGER`: Maximum number of stored matches for actions (defaults to maxretry). +- `--protocol TEXT`: Protocol to be banned (default: tcp). +- `--port TEXT`: Ports to ban (e.g., 0:65535 to ban all ports). +- `--chain TEXT`: Specify the chain where jumps will be added for ban actions. +- `--usedns TEXT`: Behavior for DNS lookups (yes, warn, no, raw). +- `--logencoding TEXT`: Encoding of the log files (e.g., utf-8, ascii, auto). +- `--action TEXT`: Default action for banning. + +EX: action\_, action_mw, action_mwl, action_xarf, action_cf_mwl, action_abuseipdb + +multiple values can be specified. 
+`--action action_ --action action_mw` + +- `--mta TEXT`: Mail Transfer Agent (e.g., sendmail). +- `--sender TEXT`: Sender email address for notifications. +- `--destemail TEXT`: Destination email address for notifications. +- `--fail2ban-agent TEXT`: User-agent format for Fail2Ban. +- `--delete TEXT`: Delete an option from the jail. + +Example: `--delete bantime` + +- `--help`: Show this message and exit. + +## `fail2ban-manager config` + +Configure fail2ban-manager's configuration. + +**Usage**: + +```console +$ fail2ban-manager config [OPTIONS] COMMAND [ARGS]... +``` + +**Options**: + +- `--help`: Show this message and exit. + +**Commands**: + +- `reset`: Copy default configurations from `*.conf`... + +### `fail2ban-manager config reset` + +Copy default configurations from `*.conf` to `*.local` and json files. + +**Usage**: + +```console +$ fail2ban-manager config reset [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager plugin` + +Configure fail2ban-manager's plugins. + +**Usage**: + +```console +$ fail2ban-manager plugin [OPTIONS] COMMAND [ARGS]... +``` + +**Options**: + +- `--help`: Show this message and exit. + +**Commands**: + +- `ls`: List installed plugins. +- `enable`: Enable a plugin. +- `disable`: Disable a plugin. + +### `fail2ban-manager plugin ls` + +List installed plugins. + +**Usage**: + +```console +$ fail2ban-manager plugin ls [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +### `fail2ban-manager plugin enable` + +Enable a plugin. + +**Usage**: + +```console +$ fail2ban-manager plugin enable [OPTIONS] PLUGIN_NAME +``` + +**Arguments**: + +- `PLUGIN_NAME`: [required] + +**Options**: + +- `--help`: Show this message and exit. + +### `fail2ban-manager plugin disable` + +Disable a plugin. 
+ +**Usage**: + +```console +$ fail2ban-manager plugin disable [OPTIONS] PLUGIN_NAME +``` + +**Arguments**: + +- `PLUGIN_NAME`: [required] + +**Options**: + +- `--help`: Show this message and exit. diff --git a/utilities/fail2ban-manager/plugins/cloudflare.md b/utilities/fail2ban-manager/plugins/cloudflare.md new file mode 100644 index 0000000..ffd0859 --- /dev/null +++ b/utilities/fail2ban-manager/plugins/cloudflare.md 
@@ -0,0 +1,113 @@ +--- +title: fail2ban-manager plugin - cloudflare +draft: true +date: 2025-01-16 +--- + +**Usage**: + +```console +$ fail2ban-manager cloudflare [OPTIONS] COMMAND [ARGS]... +``` + +**Options**: + +- `--help`: Show this message and exit. + +**Commands**: + +- `zones`: List configured zones +- `zone-info`: Show information about a zone. +- `create-zone`: Create a new zone in the database. +- `check-ip`: Check if an IP is banned based on rules... +- `ban`: Check if an IP is banned based on rules... + +## `fail2ban-manager cloudflare zones` + +List configured zones + +**Usage**: + +```console +$ fail2ban-manager cloudflare zones [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager cloudflare zone-info` + +Show information about a zone. + +This command will pull the rules from Cloudflare and update the database as well as display the rules in a table. + +**Usage**: + +```console +$ fail2ban-manager cloudflare zone-info [OPTIONS] ZONE_ID +``` + +**Arguments**: + +- `ZONE_ID`: [required] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager cloudflare create-zone` + +Create a new zone in the database. + +**Usage**: + +```console +$ fail2ban-manager cloudflare create-zone [OPTIONS] ZONE_ID NAME +``` + +**Arguments**: + +- `ZONE_ID`: [required] +- `NAME`: [required] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager cloudflare check-ip` + +Check if an IP is banned based on rules cached in the database. + +**Usage**: + +```console +$ fail2ban-manager cloudflare check-ip [OPTIONS] IP +``` + +**Arguments**: + +- `IP`: IP Address to check [required] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager cloudflare ban` + +Check if an IP is banned based on rules cached in the database. 
+ +**Usage**: + +```console +$ fail2ban-manager cloudflare ban [OPTIONS] ZONE_ID IP +``` + +**Arguments**: + +- `ZONE_ID`: [required] +- `IP`: IP Address to ban [required] + +**Options**: + +- `--help`: Show this message and exit. diff --git a/utilities/fail2ban-manager/plugins/hetzner.md b/utilities/fail2ban-manager/plugins/hetzner.md new file mode 100644 index 0000000..a721660 --- /dev/null +++ b/utilities/fail2ban-manager/plugins/hetzner.md 
@@ -0,0 +1,176 @@ +--- +title: fail2ban-manager plugin - hetzner +draft: true +date: 2025-01-16 +--- + +**Usage**: + +```console +$ fail2ban-manager hetzner [OPTIONS] COMMAND [ARGS]... +``` + +**Options**: + +- `--help`: Show this message and exit. + +**Commands**: + +- `info`: Check the status of the Hetzner plugin. +- `update`: Update the configuration. +- `reset`: Reset the configuration to defaults. +- `token`: Set Hetzner API token. +- `firewall-info`: Pull the firewalls from the server. +- `whitelist`: Whitelist an IP address. +- `whitelist-cloudflare`: Whitelist Cloudflare IP addresses. +- `delete-rule`: Delete a firewall rule. + +## `fail2ban-manager hetzner info` + +Check the status of the Hetzner plugin. + +**Usage**: + +```console +$ fail2ban-manager hetzner info [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager hetzner update` + +Update the configuration. + +**Usage**: + +```console +$ fail2ban-manager hetzner update [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager hetzner reset` + +Reset the configuration to defaults. + +**Usage**: + +```console +$ fail2ban-manager hetzner reset [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager hetzner token` + +Set Hetzner API token. + +Warning: If token_str is specified, it will be save in plaintext in the database. + +**Usage**: + +```console +$ fail2ban-manager hetzner token [OPTIONS] [TOKEN_STR] +``` + +**Arguments**: + +- `[TOKEN_STR]`: The Hetzner API token. + +**Options**: + +- `--use-env`: Use the `HETZNER_TOKEN` environment variable. +- `--help`: Show this message and exit. + +## `fail2ban-manager hetzner firewall-info` + +Pull the firewalls from the server. + +**Usage**: + +```console +$ fail2ban-manager hetzner firewall-info [OPTIONS] FIREWALL_ID +``` + +**Arguments**: + +- `FIREWALL_ID`: The ID of the firewall to pull from the server. 
[required] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager hetzner whitelist` + +Whitelist an IP address. + +## Examples + +fail2ban-manager hetzner whitelist <FIREWALLID> --self +fail2ban-manager hetzner whitelist <FIREWALLID> <IP> + +**Usage**: + +```console +$ fail2ban-manager hetzner whitelist [OPTIONS] FIREWALL_ID [IP] [PORT] +``` + +**Arguments**: + +- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required] +- `[IP]`: An IP to whitelist. +- `[PORT]`: any, 443, 80-85 [default: any] + +**Options**: + +- `--self`: Whitelist the External IP of the current machine. +- `--help`: Show this message and exit. + +## `fail2ban-manager hetzner whitelist-cloudflare` + +Whitelist Cloudflare IP addresses. + +**Usage**: + +```console +$ fail2ban-manager hetzner whitelist-cloudflare [OPTIONS] FIREWALL_ID [PORT] +``` + +**Arguments**: + +- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required] +- `[PORT]`: any, 443, 80-85 [default: 443] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager hetzner delete-rule` + +Delete a firewall rule. + +## Examples + +fail2ban-manager hetzner delete-rule <FIREWALLID> "fail2ban-manager whitelist - <PORT>" +fail2ban-manager hetzner delete-rule <FIREWALLID> "fail2ban-manager cloudflare whitelist - <PORT>" + +**Usage**: + +```console +$ fail2ban-manager hetzner delete-rule [OPTIONS] FIREWALL_ID DESCRIPTION +``` + +**Arguments**: + +- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required] +- `DESCRIPTION`: The description of the rule to delete. [required] + +**Options**: + +- `--help`: Show this message and exit. diff --git a/utilities/fail2ban-manager/plugins/telegram.md b/utilities/fail2ban-manager/plugins/telegram.md new file mode 100644 index 0000000..fdd0895 --- /dev/null +++ b/utilities/fail2ban-manager/plugins/telegram.md 
@@ -0,0 +1,144 @@ +--- +title: fail2ban-manager plugin - telegram +draft: true +date: 2025-01-16 +--- + +**Usage**: + +```console +$ fail2ban-manager telegram [OPTIONS] COMMAND [ARGS]... +``` + +**Options**: + +- `--install-completion`: Install completion for the current shell. +- `--show-completion`: Show completion for the current shell, to copy it or customize the installation. +- `--help`: Show this message and exit. + +**Commands**: + +- `ls`: List all jails with Telegram notifications. +- `add-to-jail`: Add the Telegram provider to a jail. +- `remove-from-jail`: Remove the Telegram provider from a jail. +- `edit-message`: Set the message for a specific action. +- `enable-message`: Enable a message for a specific action in... +- `send`: Send a messague to a Telegram bot. + +## `fail2ban-manager telegram ls` + +List all jails with Telegram notifications. + +**Usage**: + +```console +$ fail2ban-manager telegram ls [OPTIONS] +``` + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager telegram add-to-jail` + +Add the Telegram provider to a jail. + +**Usage**: + +```console +$ fail2ban-manager telegram add-to-jail [OPTIONS] JAILNAME TOKEN CHATID +``` + +**Arguments**: + +- `JAILNAME`: [required] +- `TOKEN`: [env var: TELEGRAM_API_TOKEN; required] +- `CHATID`: [env var: TELEGRAM_CHAT_ID; required] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager telegram remove-from-jail` + +Remove the Telegram provider from a jail. + +**Usage**: + +```console +$ fail2ban-manager telegram remove-from-jail [OPTIONS] JAILNAME +``` + +**Arguments**: + +- `JAILNAME`: [required] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager telegram edit-message` + +Set the message for a specific action. + +**Usage**: + +```console +$ fail2ban-manager telegram edit-message [OPTIONS] JAILNAME ACTION MESSAGE +``` + +**Arguments**: + +- `JAILNAME`: [required] +- `ACTION`: The action to send a message for. 
[required] +- `MESSAGE`: The action to send. [required] + +**Options**: + +- `--help`: Show this message and exit. + +## `fail2ban-manager telegram enable-message` + +Enable a message for a specific action in a jail. + +**Usage**: + +```console +$ fail2ban-manager telegram enable-message [OPTIONS] JAILNAME +``` + +**Arguments**: + +- `JAILNAME`: [required] + +**Options**: + +- `--start`: Enable message for start action. +- `--stop`: Enable message for stop action. +- `--check`: Enable message for check action. +- `--ban`: Enable message for ban action. +- `--unban`: Enable message for unban action. +- `--help`: Show this message and exit. + +## `fail2ban-manager telegram send` + +Send a messague to a Telegram bot. + +**Usage**: + +```console +$ fail2ban-manager telegram send [OPTIONS] ACTION JAILNAME [TOKEN] [CHATID] +``` + +**Arguments**: + +- `ACTION`: The action to send a message for. [required] +- `JAILNAME`: Name of the jail sending the message [required] +- `[TOKEN]`: [env var: TELEGRAM_API_TOKEN] +- `[CHATID]`: [env var: TELEGRAM_CHAT_ID] + +**Options**: + +- `--ip TEXT`: IP address of the banned/unbanned IP +- `--failures INTEGER`: Number of failures before ban [default: 0] +- `--help`: Show this message and exit.
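Review bot: In the `Docker Images/bluesky-pds.md` hunk, the Setup section tells the reader to put `PDS_ADMIN_PASSWORD`, `PDS_JWT_SECRET` and `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX` into `.env` (and the SMTP section adds a mail token) without saying how to protect that file; the rotation key is what controls the DID, so add a sentence to keep `.env` out of version control and readable only by the owner. The same page states "By default, the image uses 1000:1000 as the UID:GID", but both compose examples later in the patch set `PGID: 1001`; either the default or the examples should change so they agree. The Update Warning box is good; it would help to also say that the image tag is the only supported upgrade path, since `pdsadmin update` is the documented upstream route the reader will otherwise reach for.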
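Review bot: In the `Docker Images/bluesky-pds/middleware.md` hunk, `accessControlAllowOriginList: "*"` together with `accessControlAllowHeaders: "*"` is a fully open CORS policy; that is defensible for a public XRPC API as long as `accessControlAllowCredentials` stays unset (it is here), but the prose should state that this is deliberate so a later edit does not add credentials to it. `stsSeconds: 63072000` is set without `stsIncludeSubdomains`, yet the router rules in `traefik.md` serve handles on `*.example.com`; decide whether subdomains should inherit HSTS and document the choice. Finally, both `middlewares: BlueskyHeaders@file` labels in `traefik.md` are commented out, so "Optionally, you can use the [[middleware|BlueskyHeaders]] middleware" should tell the reader to uncomment those two lines for the middleware to take effect.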
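Review bot: In the `Docker Images/bluesky-pds/standalone.md` hunk, the comment "Standalone, you'll need to add a proxy in front of this with SSL" is not achievable with the compose file as written: there is no `ports:` mapping and no `networks:` entry, so nothing outside the default bridge network can reach port 3000. Either publish the port to localhost for a host-level proxy or attach the service to the proxy's network, and say which in the comment.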
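Review bot: In the `Docker Images/bluesky-pds/traefik.md` hunk, the `bluesky-pds-insecure` router on the `http` entrypoint proxies straight to the PDS with no redirect, so logins (`createSession` with a password) and bearer tokens can travel over cleartext; attach a `redirectScheme` middleware to that router or configure the redirect at the entrypoint level, and note that `Tutorials/Traefik/CloudFlare.md` in this same commit says to disable Cloudflare's "Always Use HTTPS", so nothing else performs the redirect. `traefik.http.routers.bluesky-pds-secure.tls: "true"` has no `certresolver` or `tls.domains`, which means the wildcard certificate the prose calls "required" must already be loaded elsewhere; the page should point to where it is configured. Also `hostname` and `PDS_HOSTNAME` match here, which the prose requires, but the `extra_hosts` placeholder `0.0.0.0` deserves a comment saying it must be the host's public address.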
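Review bot: In the `Docker Images/quartz.md` hunk, the "equivalent command to the cron job" has a logic bug: `cd /quartz/src & npx quartz build` uses a single `&`, which backgrounds the `cd` in a subshell, so `npx quartz build` runs in `/quartz/content` rather than `/quartz/src`; it should be `&&` as in the manual-build snippet a few lines above. The compose example uses `image: code.modernleft.org/gravityfargo/quartz-docker:dev` while the pull command and the header table pin `v4.4.0`; pin the compose file to the same tag so readers do not silently track a moving image. Lastly, `> [!NOTE] > \`CONTENT_REPO\` Must use https, not git.` puts the callout body on the title line; the body needs its own `> ` line to render, and the `UID/GID that\` /quartz\`` cell has the backtick on the wrong side of the space.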
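Review bot: In the `Docker Images/quartz/Developing with Quartz.md` hunk, the clone line `git clone git@git.modernleft.org:gravityfargo/quartz-docker.git` uses host `git.modernleft.org`, while every other link in this commit uses `code.modernleft.org`; confirm that the SSH host really differs, otherwise fix the URL.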
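Review bot: In the `Tutorials/Docker/Proxy Network.md` hunk, `"fixed-cidr-v6": "2001:db8:1::/64"` is the RFC 3849 documentation prefix (it is the literal value from Docker's own example); with Docker's IPv6 NAT it works for outbound traffic, but if the goal is real end-to-end IPv6 for the proxy network it has to be replaced by a ULA or a prefix delegated to the host, and a draft page should say which is intended. `sudo systemctl reboot` is heavier than needed; `systemctl restart docker` is enough to reload `daemon.json`. `--subnet=192.168.1.0/24` overlaps one of the most common home LAN ranges, which breaks routing when the host sits on such a LAN; pick a less common private range or add a caveat.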
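Review bot: In the `Tutorials/Traefik/CloudFlare.md` hunk, the pasted access log contains what the page itself labels "the actual user's ip" (`2603:7080:f400:ed43:939f:266:9bef:e628`); redact it or substitute a documentation address before publishing. The important caveat for `github.com/Paxxs/traefik-get-real-ip` is missing: the forwarded header may only be trusted when the connecting peer is a Cloudflare edge address, otherwise any direct client can forge the "real IP", and since `utilities/fail2ban-manager.md` in this commit references the same plugin, a forged address would feed straight into ban decisions. "Disable: Always Use HTTPS" also needs one line explaining that Traefik must then do the redirect itself (the `traefik.md` labels currently do not).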
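Review bot: In the `utilities/fail2ban-manager.md` hunk, the Cloudflare plugin steps restart their numbering ("1. Enable the Cloudflare plugin" is followed by "1. Create an API Token" and "2. Get the Zone ID"), and the bare `https://github.com/Paxxs/traefik-get-real-ip` line between the Notes table and the variables table looks misplaced, since that plugin belongs with the Traefik/Cloudflare tutorial. `CLOUDFLARE_EMAIL` is only needed with the legacy Global API Key, scoped API tokens do not use it, so state which authentication mode the plugin expects. "Any issues and feature requests can be submitted here on GitHub" contradicts the Forgejo link two lines above, and the table header `[Officicial SDK]` (twice) and "seperate groups" are typos.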
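Review bot: In the `utilities/fail2ban-manager/base.md` hunk, `--backend TEXT` is followed by an empty placeholder `Options: .`; list the accepted backends or drop the line. `--ignoreself` and `--bantime-overalljails` are bare flags whose help text states defaults of true and false respectively, so a user has no way to turn `ignoreself` off; expose them as on/off flag pairs in the Typer definition so the generated help reflects both states. `EX: action\_, action_mw, ...` carries a stray backslash from the markdown export.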
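Review bot: In the `utilities/fail2ban-manager/plugins/cloudflare.md` hunk, the `ban` command's help text is a copy of `check-ip`'s ("Check if an IP is banned based on rules cached in the database.") both in the command list and in its section; it should describe creating the block rule in the given zone. Since `check-ip` answers from the cache that only `zone-info` refreshes, the page should say how the cache is kept current, because fail2ban's check action depends on it.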
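Review bot: In the `utilities/fail2ban-manager/plugins/hetzner.md` hunk, `token [TOKEN_STR]` accepts the API token as a positional argument; beyond the plaintext-in-database warning already given, that puts the token in shell history and in the process list while the command runs, so document `--use-env` as the preferred path or read the token from a hidden prompt. "it will be save in plaintext" should read "saved". The `FIREWALL_ID` description "The ID of the firewall to pull from the server." is copy-pasted into `whitelist`, `whitelist-cloudflare` and `delete-rule`, where nothing is pulled, and the `## Examples` headings rendered from the docstrings sit at the same level as the command sections, which breaks the outline.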
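Review bot: In the `utilities/fail2ban-manager/plugins/telegram.md` hunk, `add-to-jail` and `send` take `TOKEN` as a positional argument; the `TELEGRAM_API_TOKEN` env var fallback exists, so the docs should recommend it over passing the bot token on the command line for the same history and process-list reasons. `MESSAGE` is described as "The action to send", which is the previous argument's text, and "messague" appears twice. `--install-completion` and `--show-completion` are listed under the `telegram` subgroup although they belong to the root command; check how the help was generated.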