Initial commit after history reset
This commit is contained in:
commit
2052520a90
18 changed files with 1223 additions and 0 deletions
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
.obsidian/
|
115
Docker Images/bluesky-pds.md
Normal file
|
@ -0,0 +1,115 @@
|
||||||
|
---
|
||||||
|
title: bluesky-pds
|
||||||
|
draft: false
|
||||||
|
date: 2025-01-18
|
||||||
|
---
|
||||||
|
|
||||||
|
| | |
|
||||||
|
| ---------------------------- | ---------------------------------------------------------------------------------------------- |
|
||||||
|
| Official bluesky-pds project | [GitHub - bluesky-social/pds](https://github.com/bluesky-social/pds) |
|
||||||
|
| Image on Forgejo | [Forgejo](https://code.modernleft.org/gravityfargo/-/packages/container/bluesky-pds/latest) |
|
||||||
|
| Image on Dockerhub | [Dockerhub](https://hub.docker.com/r/gravityfargo/bluesky-pds) |
|
||||||
|
| Image Source | [Forgejo](https://code.modernleft.org/gravityfargo/bluesky-pds-docker) |
|
||||||
|
| Issue Tracker | [GitHub - gravityfargo/bluesky-pds-docker](https://github.com/gravityfargo/bluesky-pds-docker) |
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker pull code.modernleft.org/gravityfargo/bluesky-pds:latest
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
A self-contained Docker image for the [Bluesky PDS (Personal Data Server) ](https://github.com/bluesky-social/pds) for use with Traefik. This image is pinned to v0.4.74.
|
||||||
|
|
||||||
|
It is required to run the instance behind a proxy (like [Traefik](https://doc.traefik.io/traefik/)) to generate SSL certificates. This will not work otherwise. The standard pds install includes caddy to handle this. A wildcard DNS assignment along with a wildcard SSL certificate is required. I use Cloudflare for this, see the screenshot below.
|
||||||
|
|
||||||
|
This is not intended for production, and I am not responsible for any data loss or security issues. This is a personal project, and I am not affiliated with Bluesky.
|
||||||
|
|
||||||
|
> [!warning] Data Warning
|
||||||
|
> Before changing images, upgrading, or any other modification always backup your data!
|
||||||
|
|
||||||
|
### Requirements
|
||||||
|
|
||||||
|
I haven't verified these are the minimum requirements, but they are what I found to be necessary during development. I probably had some dependencies installed already.
|
||||||
|
|
||||||
|
#### Manjaro/Arch
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo pacman -S jq
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Debian/Ubuntu
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt install make xxd
|
||||||
|
```
|
||||||
|
|
||||||
|
### Setup
|
||||||
|
|
||||||
|
Generate secrets and add them to `.env` file.
|
||||||
|
See [example.env](https://code.modernleft.org/gravityfargo/bluesky-pds-docker/src/branch/main/example.env) as an example.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Generate secret environment variables
|
||||||
|
echo PDS_ADMIN_PASSWORD: $(openssl rand --hex 16)
|
||||||
|
|
||||||
|
echo PDS_JWT_SECRET: $(openssl rand --hex 16)
|
||||||
|
|
||||||
|
echo PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: $(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)
|
||||||
|
```
|
||||||
|
|
||||||
|
### Docker Compose Setup
|
||||||
|
|
||||||
|
Full list of additional Environment Variables provided by bluesky upstream can be found in the
|
||||||
|
[packages/pds/src/config/env.ts](https://github.com/bluesky-social/atproto/blob/main/packages/pds/src/config/env.ts)
|
||||||
|
|
||||||
|
If you'd like to learn more about my docker setup, head over to [[getting started|Docker - Getting Started]]
|
||||||
|
|
||||||
|
By default, the image uses 1000:1000 as the UID:GID for the user. This can be changed by setting the `PUID` and `PGID` environment variables.
|
||||||
|
The compose element `hostname` must be the same value as `PDS_HOSTNAME`.
|
||||||
|
|
||||||
|
![[traefik]]
|
||||||
|
|
||||||
|
Optionally, you can use the [[middleware|BlueskyHeaders]] middleware to set headers.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
I do not run this, but it should be possible.
|
||||||
|
|
||||||
|
![[standalone]]
|
||||||
|
|
||||||
|
### Running Commands
|
||||||
|
|
||||||
|
Nothing has changed in this department, other than not needing `sudo`. The commands are the same as the upstream project. Such as
|
||||||
|
|
||||||
|
- [Creating an account using pdsadmin](https://github.com/bluesky-social/pds?tab=readme-ov-file#creating-an-account-using-pdsadmin)
|
||||||
|
- [Creating an account using an invite code](https://github.com/bluesky-social/pds?tab=readme-ov-file#creating-an-account-using-an-invite-code)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker exec -it bluesky-pds bash
|
||||||
|
pdsadmin account create
|
||||||
|
pdsadmin create-invite-code
|
||||||
|
```
|
||||||
|
|
||||||
|
> [!danger] Update Warning
|
||||||
|
> Do not under any circumstances update the image using `pdsadmin update`. I have not tested this, and it may break the image. Submit an
|
||||||
|
> [issue to my repository](https://github.com/gravityfargo/bluesky-pds-docker) requesting an update,
|
||||||
|
> and I will update this image and pin the pds to the new version.
|
||||||
|
|
||||||
|
### Cloudflare DNS
|
||||||
|
|
||||||
|
After various testing, I have figured out two things.
|
||||||
|
|
||||||
|
1. In order for email verification to work, you cannot have the DNS Proxy enabled or `AAAA` records active.
|
||||||
|
2. After you have verified emails, and do not intend to use the email feature, you can re-enable the DNS Proxy and `AAAA` records.
|
||||||
|
|
||||||
|
![[cloudflare.png]]
|
||||||
|
|
||||||
|
## SMTP
|
||||||
|
|
||||||
|
I use protonmail for my SMTP server. You can use any SMTP server you like, but I figured I'd share this information.
|
||||||
|
These are the environment variables I use.
|
||||||
|
|
||||||
|
```
|
||||||
|
PDS_EMAIL_SMTP_URL: smtp://user@example.com:TOKEN@smtp.protonmail.ch:587/
|
||||||
|
PDS_EMAIL_FROM_ADDRESS: user@example.com
|
||||||
|
```
|
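Review bot: The three `echo` lines in the Setup block print each secret as `NAME: value`, but the sentence above them says to add the secrets to a `.env` file, which takes `NAME=value`, so the output cannot be pasted as-is. Either switch the `echo` lines to the `=` form or say the output belongs under `environment:` in the compose file. Separately, the text says the image is pinned to v0.4.74 while the pull command uses `:latest`; showing a version tag or digest there would match the `pdsadmin update` warning further down. The two Requirements blocks also list different packages (`jq` on Arch, `make xxd` on Debian) although the Setup commands need `openssl` and `xxd` on both.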
BIN
Docker Images/bluesky-pds/cloudflare.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 22 KiB |
21
Docker Images/bluesky-pds/middleware.md
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
#### Middleware
|
||||||
|
|
||||||
|
I think file configs are cleaner than having a billion labels. This is not required, but it's nice to have.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# middleware.yaml
|
||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
BlueskyHeaders:
|
||||||
|
headers:
|
||||||
|
accessControlAllowMethods:
|
||||||
|
- GET
|
||||||
|
- OPTIONS
|
||||||
|
- PUT
|
||||||
|
- POST
|
||||||
|
- DELETE
|
||||||
|
accessControlAllowHeaders: "*"
|
||||||
|
accessControlAllowOriginList: "*"
|
||||||
|
addVaryHeader: true
|
||||||
|
stsSeconds: 63072000
|
||||||
|
```
|
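Review bot: `accessControlAllowOriginList: "*"` together with `PUT`, `POST` and `DELETE` in `accessControlAllowMethods` permits cross-origin requests from any site, and the only justification given is that file configs are cleaner than labels. Add a sentence on why the PDS needs wildcard CORS, or list the origins that need it. `accessControlAllowHeaders` and `accessControlAllowOriginList` are written as scalars while `accessControlAllowMethods` is a list; one-item lists would be consistent. `stsSeconds: 63072000` turns on HSTS for two years and deserves a comment, since it applies to every host the middleware is attached to.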
24
Docker Images/bluesky-pds/standalone.md
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
|
||||||
|
|
||||||
|
```yaml title="docker-compose.yml"
|
||||||
|
# Standalone, you'll need to add a proxy in front of this with SSL.
|
||||||
|
services:
|
||||||
|
bluesky-pds:
|
||||||
|
container_name: bluesky-pds
|
||||||
|
hostname: example.com
|
||||||
|
extra_hosts:
|
||||||
|
- "example.com:0.0.0.0" # domain:external_ip
|
||||||
|
image: code.modernleft.org/gravityfargo/bluesky-pds:latest
|
||||||
|
environment:
|
||||||
|
# Define variables here or in a .env file
|
||||||
|
PDS_JWT_SECRET: ...
|
||||||
|
PDS_ADMIN_PASSWORD: ...
|
||||||
|
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ...
|
||||||
|
PDS_HOSTNAME: example.com
|
||||||
|
PDS_EMAIL_SMTP_URL: ""
|
||||||
|
PDS_EMAIL_FROM_ADDRESS: ""
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1001
|
||||||
|
volumes:
|
||||||
|
- ./bluesky-pds:/pds
|
||||||
|
```
|
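Review bot: The service has no `ports:` entry and no `networks:` entry, yet the first comment says a proxy with SSL has to sit in front of it, so the example does not show how that proxy reaches the PDS. Add the port mapping (the Traefik variant points its load balancer at port 3000) or the network the proxy is expected to share. `PGID: 1001` also differs from the 1000:1000 default described in bluesky-pds.md; if that is intentional, a comment would help.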
41
Docker Images/bluesky-pds/traefik.md
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
title: bluesky-pds
|
||||||
|
draft: false
|
||||||
|
date: 2025-01-18
|
||||||
|
---
|
||||||
|
|
||||||
|
```yaml title="docker-compose.yml"
|
||||||
|
# Traefik Proxy
|
||||||
|
services:
|
||||||
|
bluesky-pds:
|
||||||
|
container_name: bluesky-pds
|
||||||
|
image: code.modernleft.org/gravityfargo/bluesky-pds:latest
|
||||||
|
hostname: example.com
|
||||||
|
extra_hosts:
|
||||||
|
- "example.com:0.0.0.0" # domain:external_ip
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
environment:
|
||||||
|
# Define variables here or in a .env file
|
||||||
|
PDS_JWT_SECRET: ...
|
||||||
|
PDS_ADMIN_PASSWORD: ...
|
||||||
|
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ...
|
||||||
|
PDS_HOSTNAME: example.com
|
||||||
|
PDS_EMAIL_SMTP_URL: smtps://resend:<your api key here>@smtp.resend.com:465/
|
||||||
|
PDS_EMAIL_FROM_ADDRESS: admin@example.com
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1001
|
||||||
|
volumes:
|
||||||
|
- ./bluesky-pds:/pds
|
||||||
|
labels:
|
||||||
|
traefik.enable: "true"
|
||||||
|
traefik.http.routers.bluesky-pds-insecure.entrypoints: http
|
||||||
|
traefik.http.routers.bluesky-pds-insecure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.com`)
|
||||||
|
# traefik.http.routers.bluesky-pds-insecure.middlewares: BlueskyHeaders@file
|
||||||
|
traefik.http.routers.bluesky-pds-secure.entrypoints: https
|
||||||
|
traefik.http.routers.bluesky-pds-secure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.com`)
|
||||||
|
traefik.http.routers.bluesky-pds-secure.tls: "true"
|
||||||
|
traefik.http.services.bluesky-pds.loadbalancer.server.scheme: http
|
||||||
|
traefik.http.services.bluesky-pds.loadbalancer.server.port: 3000
|
||||||
|
# traefik.http.routers.bluesky-pds-secure.middlewares: BlueskyHeaders@file
|
||||||
|
```
|
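Review bot: The `bluesky-pds-insecure` router serves the same host rule on the `http` entrypoint with no redirect, so the PDS is reachable over plain HTTP alongside the TLS router. If the HTTP router exists only to redirect, say so and attach a redirect-to-HTTPS middleware; otherwise drop it. The `BlueskyHeaders@file` lines are commented out on both routers without a note that they are optional, and the front matter title `bluesky-pds` duplicates the parent page's title even though this file is only embedded via `![[traefik]]`.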
113
Docker Images/quartz.md
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
---
|
||||||
|
title: quartz
|
||||||
|
draft: false
|
||||||
|
date: 2025-01-16
|
||||||
|
---
|
||||||
|
|
||||||
|
| | |
|
||||||
|
| ----------------------- | ---------------------------------------------------------------------------------------------- |
|
||||||
|
| Image on Forgejo | [Forgejo](https://code.modernleft.org/gravityfargo/-/packages/container/quartz-docker/v4.4.0) |
|
||||||
|
| Official quartz project | [GitHub - jackyzha0/quartz](https://github.com/jackyzha0/quartz) |
|
||||||
|
| Image Source | [Forgejo - gravityfargo/quartz-docker](https://code.modernleft.org/gravityfargo/quartz-docker) |
|
||||||
|
| Issue Tracker | |
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker pull code.modernleft.org/gravityfargo/quartz-docker:v4.4.0
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
This project runs Quartz v4.4.0, a fast, batteries-included static site generator, inside a Docker container. It transforms Markdown content into a fully functional website.
|
||||||
|
|
||||||
|
While Quartz provides [Docker support](https://quartz.jzhao.xyz/features/Docker-Support), it is not as self contained as this project.
|
||||||
|
|
||||||
|
There is no support for SSL or any other features that are not directly related to building the site. I run everything behind traefik, so I don't need it.
|
||||||
|
|
||||||
|
## 🐳 Docker Compose Setup
|
||||||
|
|
||||||
|
Create a data directory
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mkdir -p /srv/quartz
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml title="docker-compose.yml"
|
||||||
|
services:
|
||||||
|
quartz-wiki:
|
||||||
|
container_name: quartz-wiki
|
||||||
|
image: code.modernleft.org/gravityfargo/quartz-docker:dev
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
environment:
|
||||||
|
USER_ID: 1000
|
||||||
|
GROUP_ID: 1001
|
||||||
|
SERVER_NAME: "docs.modernleft.org"
|
||||||
|
ENABLE_CRON: "true"
|
||||||
|
BUILD_SCHEDULE: "*/30 * * * *"
|
||||||
|
CONTENT_REPO: "https://code.modernleft.org/gravityfargo/modernleft-docs.git"
|
||||||
|
volumes:
|
||||||
|
- /srv/quartz:/quartz
|
||||||
|
```
|
||||||
|
|
||||||
|
**First Run**
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker-compose up -d
|
||||||
|
docker stop quartz-wiki
|
||||||
|
```
|
||||||
|
|
||||||
|
On first run, the container will download the necessary dependencies, build the site, and download the content repository.
|
||||||
|
|
||||||
|
After that, you can configure whatever you would like in `/srv/quartz/src` using the stock options found in the quartz [documentation](https://quartz.jzhao.xyz/configuration) Bare minimum should be `baseUrl` and `pageTitle`.
|
||||||
|
|
||||||
|
🥳 Done! 🎉
|
||||||
|
|
||||||
|
## Manually Building the Site
|
||||||
|
|
||||||
|
If you don't use the cron job, and don't feel like restarting the container, you can build the site manually.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker exec -it quartz-wiki bash
|
||||||
|
#
|
||||||
|
cd /quartz/content/ && git restore . && git pull
|
||||||
|
cd /quartz/src/ && npx quartz build
|
||||||
|
```
|
||||||
|
|
||||||
|
## ⚙️ Configuration
|
||||||
|
|
||||||
|
**cron**
|
||||||
|
|
||||||
|
This is the an equivalent command to the cron job.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd /quartz/content
|
||||||
|
git restore .
|
||||||
|
git pull
|
||||||
|
cd /quartz/src &
|
||||||
|
npx quartz build
|
||||||
|
echo 'Content Updated.'
|
||||||
|
```
|
||||||
|
|
||||||
|
Setting `ENABLE_CRON` to `true` and defining `BUILD_SCHEDULE` performs these actions.
|
||||||
|
If you need help configuring [Crontab.guru - The cron schedule expression generator](https://crontab.guru/) is a useful tool for that
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
environment:
|
||||||
|
ENABLE_CRON: "true"
|
||||||
|
BUILD_SCHEDULE: "*/1 * * * *" # Runs every minute
|
||||||
|
```
|
||||||
|
|
||||||
|
### Environment Variables
|
||||||
|
|
||||||
|
| Variable | Description | Default Value |
|
||||||
|
| -------------------- | ---------------------------------------------------- | ---------------------------------------------------- |
|
||||||
|
| `USER_ID`/`GROUP_ID` | UID/GID that` /quartz` will be chown'd to on startup | `1000`:`1000` |
|
||||||
|
| `NGINX_PORT` | Port for the Nginx server | `80` |
|
||||||
|
| `SERVER_NAME` | NGINX server name | `quartz.zhao.xyz` |
|
||||||
|
| `ENABLE_CRON` | Enables scheduled builds (`true` or `false`) | `false` |
|
||||||
|
| `BUILD_SCHEDULE` | Cron expression for scheduling site builds | `"*/10 * * * *"` every 10 min |
|
||||||
|
| `CONTENT_REPO` | URL of the content repository | `https://code.modernleft.org/gravityfargo/empty.git` |
|
||||||
|
|
||||||
|
> [!NOTE] > `CONTENT_REPO` Must use https, not git.
|
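Review bot: In the cron-equivalent block, `cd /quartz/src &` uses a single `&`, which runs the `cd` in the background and leaves the shell in `/quartz/content`, so `npx quartz build` runs in the wrong directory. The manual build block above uses `&&`; this line should be `cd /quartz/src` on its own or use `&&`. The pull command and the metadata table use the `v4.4.0` tag while the compose file uses `:dev`; pick one. The final callout has its body on the same line as the `[!NOTE]` marker, unlike the callouts in bluesky-pds.md, and "This is the an equivalent command" needs a fix.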
33
Docker Images/quartz/Developing with Quartz.md
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
---
|
||||||
|
title: Developing with Quartz
|
||||||
|
draft: false
|
||||||
|
date: 2025-01-17
|
||||||
|
---
|
||||||
|
|
||||||
|
This container is also good for quickly developing components for Quartz. It is a good way to test things out without having to install anything on your local machine, and a simple `make run` -> `ctrl-c` -> `up arrow` -> `enter` is all you need to see your changes.
|
||||||
|
|
||||||
|
I keep all of my projects in `~/Repositories`, so I would do this:
|
||||||
|
|
||||||
|
Link my primary development folder to the container repo's source folder:
|
||||||
|
```bash
|
||||||
|
cd ~/Repositories
|
||||||
|
git clone git@git.modernleft.org:gravityfargo/quartz-docker.git
|
||||||
|
git clone git@github.com:jackyzha0/quartz.git
|
||||||
|
```
|
||||||
|
|
||||||
|
Then mount the quartz directory to the development docker-compose file:
|
||||||
|
```yaml
|
||||||
|
volumes:
|
||||||
|
- ~/Repositories/quartz:/quartz/src
|
||||||
|
```
|
||||||
|
Then, you can run the container with the following command:
|
||||||
|
```bash
|
||||||
|
cd ~/Repositories/quartz-docker
|
||||||
|
make run
|
||||||
|
```
|
||||||
|
|
||||||
|
If 200+ files are claiming to be modified, you may need to disable filemode checking:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git config core.fileMode false
|
||||||
|
```
|
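Review bot: The first clone command uses `git@git.modernleft.org:gravityfargo/quartz-docker.git`, while every other link to this repository in the commit points at `code.modernleft.org`; confirm the SSH host, or give the HTTPS URL so readers without an SSH key on that instance can follow along. The sentence "Link my primary development folder to the container repo's source folder" sits above two `git clone` commands and no link step, so it reads like a leftover. For `git config core.fileMode false`, say which repository to run it in.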
17
Tutorials/Docker/Proxy Network.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
title: Proxy Network
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-18
|
||||||
|
---
|
||||||
|
|
||||||
|
```json title="/etc/docker/daemon.json"
|
||||||
|
{
|
||||||
|
"ipv6": true,
|
||||||
|
"fixed-cidr-v6": "2001:db8:1::/64"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl reboot
|
||||||
|
docker network create --subnet=192.168.1.0/24 --ipv6 --attachable proxy
|
||||||
|
```
|
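Review bot: `sudo systemctl reboot` restarts the whole host after the `daemon.json` edit; if only the Docker daemon needs to pick up the change, restart that service instead, or explain why a full reboot is required. `2001:db8:1::/64` lies in the IPv6 documentation prefix, so the page should tell readers to substitute their own range. The page has no prose at all, and `docker network create` passes `--ipv6` with only an IPv4 `--subnet`; a line on which IPv6 range the `proxy` network is meant to get would help.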
5
Tutorials/Docker/getting started.md
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Getting Started
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-18
|
||||||
|
---
|
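Review bot: This page is front matter only with `draft: true`, but bluesky-pds.md links to it as `[[getting started|Docker - Getting Started]]`. Drop that link until there is content here, or add a stub paragraph so the link does not land on an empty page.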
23
Tutorials/Traefik/CloudFlare.md
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
title: CloudFlare
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-18
|
||||||
|
---
|
||||||
|
|
||||||
|
Disable:
|
||||||
|
- Always Use HTTPS
|
||||||
|
- Automatic HTTPS Rewrites
|
||||||
|
Enable:
|
||||||
|
- gRPC
|
||||||
|
- Pseudo IPv4 (headers)
|
||||||
|
|
||||||
|
|
||||||
|
If you have A and AAAA then the plugin `github.com/Paxxs/traefik-get-real-ip`
|
||||||
|
|
||||||
|
192.168.1.20 - - [19/Jan/2025:01:01:32 +0000] "GET /static/contentIndex.json HTTP/1.1" 304 0 "[https://docs.modernleft.org/"](https://docs.modernleft.org/"); "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" "2603:7080:f400:ed43:939f:266:9bef:e628, 172.71.255.28"
|
||||||
|
|
||||||
|
192.168.1.20 - proxy
|
||||||
|
172.71.255.28 - cloudflare ipv4
|
||||||
|
2603:7080:f400:ed43:939f:266:9bef:e628 - the actual user's ip
|
||||||
|
|
||||||
|
"Pseudo IPv4" is needed for this
|
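Review bot: The sample access log line and the breakdown under it include what the page itself labels "the actual user's ip", along with a Cloudflare address and the internal proxy address; replace them with documentation ranges (`2001:db8::/32`, `192.0.2.0/24`) before this leaves draft. The sentence "If you have A and AAAA then the plugin `github.com/Paxxs/traefik-get-real-ip`" has no verb, and the Disable/Enable lists give no reason for turning off Always Use HTTPS and Automatic HTTPS Rewrites. The referer field in the log line has also picked up a stray Markdown link wrapper.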
21
index.md
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
title: Home
|
||||||
|
draft: false
|
||||||
|
date: 2025-01-16
|
||||||
|
---
|
||||||
|
|
||||||
|
Welcome to the ModernLeft Documentation!
|
||||||
|
|
||||||
|
This is a consolidated wiki for most of my projects.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Docker Containers
|
||||||
|
|
||||||
|
### [[quartz]]
|
||||||
|
|
||||||
|
Simply [quartz](https://quartz.jzhao.xyz/), in a docker container. This wiki is running on it.
|
||||||
|
|
||||||
|
### [[bluesky-pds]]
|
||||||
|
|
||||||
|
A self-contained Docker image for the [Bluesky PDS (Personal Data Server)](https://github.com/bluesky-social/pds) for use with Traefik.
|
6
templates/primary.md
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
title: ModernLeft - CHANGEME
|
||||||
|
draft: false
|
||||||
|
date: <% tp.file.creation_date("YYYY-MM-DD") %>
|
||||||
|
---
|
||||||
|
|
96
utilities/fail2ban-manager.md
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
---
|
||||||
|
title: fail2ban-manager
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-16
|
||||||
|
---
|
||||||
|
|
||||||
|
An extensible CLI tool for managing [fail2ban](https://github.com/fail2ban/fail2ban).
|
||||||
|
|
||||||
|
- [Introduction](#introduction)
|
||||||
|
- [Working with Jails](#working-with-jails)
|
||||||
|
- [Plugins](#plugins)
|
||||||
|
- [Cloudflare](#cloudflare)
|
||||||
|
- [Plugin: Hetzner](#plugin-hetzner)
|
||||||
|
- [Plugin: Telegram](#plugin-telegram)
|
||||||
|
- [Credits](#credits)
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
Source Code hosted on my [Forgejo instance](https://forgejo.gravityfargo.dev/gravityfargo/fail2ban-manager). Registration is enabled for the public with GitHub via Authentik.
|
||||||
|
|
||||||
|
Any issues and feature requests can be submitted here on GitHub.
|
||||||
|
|
||||||
|
This tool is designed to make managing fail2ban easier without the need to edit configuration files. It is designed to be extensible via plugins, and easy to use.
|
||||||
|
|
||||||
|
## Working with Jails
|
||||||
|
|
||||||
|
## Plugins
|
||||||
|
|
||||||
|
### Cloudflare
|
||||||
|
|
||||||
|
> Ban an IP address using IP Rules in [Cloudflare WAF](https://developers.cloudflare.com/waf/tools/ip-access-rules/create/). Jails are configured create rules in a specific DNS zone. Bans are cached in a database for fail2ban's check action to use.
|
||||||
|
|
||||||
|
| Notes | |
|
||||||
|
| -------------------- | ----------------------------------------------------------------- |
|
||||||
|
| Typer generated docs | [Link](man/cloudflare.md) |
|
||||||
|
| Provided via | [Officicial SDK](https://github.com/cloudflare/cloudflare-python) |
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
https://github.com/Paxxs/traefik-get-real-ip
|
||||||
|
|
||||||
|
| Variable | Purpose |
|
||||||
|
| ---------------------- | ----------------------------------------- |
|
||||||
|
| `CLOUDFLARE_EMAIL` | Email address for Cloudflare account |
|
||||||
|
| `CLOUDFLARE_API_TOKEN` | Token with permissions to manage IP Rules |
|
||||||
|
|
||||||
|
1. Enable the Cloudflare plugin
|
||||||
|
|
||||||
|
```bash
|
||||||
|
f2bm plugin enable cloudflare
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Create an [API Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/)
|
||||||
|
2. Get the [Zone ID](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) from Cloudflare and create a zone in the database
|
||||||
|
|
||||||
|
```bash
|
||||||
|
f2bm cloudflare create-zone 11111111111111111111111111111111 example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
### Plugin: Hetzner
|
||||||
|
|
||||||
|
> Whitelist ip addresses in the [Hetzner](https://www.hetzner.com/) cloud firewall, and bulk whitelist Cloudflare IP addresses.
|
||||||
|
|
||||||
|
| Notes | |
|
||||||
|
| -------------------- | --------------------------------------------------------------- |
|
||||||
|
| Typer generated docs | [Link](man/hetzner.md) |
|
||||||
|
| Provided via | [Officicial SDK](https://github.com/hetznercloud/hcloud-python) |
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
1. Enable the Hetzner plugin
|
||||||
|
|
||||||
|
```bash
|
||||||
|
f2bm plugin enable hetzner
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Create an [API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/)
|
||||||
|
|
||||||
|
### Plugin: Telegram
|
||||||
|
|
||||||
|
> Send a message to a Telegram chat. Custom messages per-jail are supported as well as seperate groups for each jail.
|
||||||
|
|
||||||
|
| Notes | |
|
||||||
|
| -------------------- | ----------------------------------------------------------------- |
|
||||||
|
| Typer generated docs | [Link](man/telegram.md) |
|
||||||
|
| Provided via | [Rest API](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) |
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
- [Typer](https://github.com/fastapi/typer), build great CLIs. Easy to code. Based on Python type hints.
|
||||||
|
|
||||||
|
- [Rich](https://github.com/Textualize/rich) is a Python library for rich text and beautiful formatting in the terminal.
|
||||||
|
|
||||||
|
- [envoyer](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) Stupid simple notifications library. (My Project)
|
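Review bot: In the Cloudflare section, `CLOUDFLARE_API_TOKEN` is described only as a "Token with permissions to manage IP Rules"; name the exact permission, say it should be limited to the zone passed to `f2bm cloudflare create-zone`, and say where the two variables are read from. In the same section a bare `https://github.com/Paxxs/traefik-get-real-ip` link sits above the variable table with no explanation, and the steps are numbered 1, 1, 2. The headings mix `### Cloudflare` with `### Plugin: Hetzner` and `### Plugin: Telegram`, "Officicial" and "seperate" are typos, "Jails are configured create rules" is missing a word, and "submitted here on GitHub" has no link.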
274
utilities/fail2ban-manager/base.md
Normal file
|
@ -0,0 +1,274 @@
|
||||||
|
---
|
||||||
|
title: fail2ban-manager plugin
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-16
|
||||||
|
---
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager [OPTIONS] COMMAND [ARGS]...
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--install-completion`: Install completion for the current shell.
|
||||||
|
- `--show-completion`: Show completion for the current shell, to copy it or customize the installation.
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
**Commands**:
|
||||||
|
|
||||||
|
- `jail`: Configure Fail2ban jails.
|
||||||
|
- `config`: Configure fail2ban-manager's configuration.
|
||||||
|
- `plugin`: Configure fail2ban-manager's plugins.
|
||||||
|
|
||||||
|
## `fail2ban-manager jail`
|
||||||
|
|
||||||
|
Configure Fail2ban jails.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager jail [OPTIONS] COMMAND [ARGS]...
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
**Commands**:
|
||||||
|
|
||||||
|
- `ls`: List all defined jails.
|
||||||
|
- `enable`: Enable a jail.
|
||||||
|
- `disable`: Disable a jail.
|
||||||
|
- `info`: Display information about a jail.
|
||||||
|
- `edit`: Edit the properties of a jail.
|
||||||
|
|
||||||
|
### `fail2ban-manager jail ls`
|
||||||
|
|
||||||
|
List all defined jails.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager jail ls [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
### `fail2ban-manager jail enable`
|
||||||
|
|
||||||
|
Enable a jail.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager jail enable [OPTIONS] NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `NAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
### `fail2ban-manager jail disable`
|
||||||
|
|
||||||
|
Disable a jail.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager jail disable [OPTIONS] NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `NAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
### `fail2ban-manager jail info`
|
||||||
|
|
||||||
|
Display information about a jail.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager jail info [OPTIONS] NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `NAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
### `fail2ban-manager jail edit`
|
||||||
|
|
||||||
|
Edit the properties of a jail.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager jail edit [OPTIONS] NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `NAME`: Name of the jail. [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--backend TEXT`: The backend used to get file modifications.
|
||||||
|
|
||||||
|
Options: .
|
||||||
|
|
||||||
|
- `--bantime-increment`: Enable searching previously banned IPs to increment the ban time.
|
||||||
|
- `--bantime-rndtime INTEGER`: Add random time (in seconds) to the calculated ban time.
|
||||||
|
- `--bantime-maxtime INTEGER`: Maximum ban time (in seconds) that can be reached.
|
||||||
|
- `--bantime-factor FLOAT`: Factor used for exponential growth of ban time.
|
||||||
|
- `--bantime-formula TEXT`: Custom formula for calculating the next ban time.
|
||||||
|
- `--bantime-multipliers TEXT`: Custom multipliers for calculating the next ban time (e.g., 1 5 30 60).
|
||||||
|
- `--bantime-overalljails`: Search for banned IPs across all jails (default: false).
|
||||||
|
- `--ignoreself`: Ignore local/own IP addresses (default: true).
|
||||||
|
- `--ignoreip TEXT`: List of IPs, CIDR masks, or DNS hosts to ignore.
|
||||||
|
|
||||||
|
Example: "127.0.0.1/8 ::1"
|
||||||
|
|
||||||
|
- `--ignorecommand TEXT`: Command to dynamically determine if an IP should be ignored.
|
||||||
|
- `--bantime TEXT`: Duration for which a host is banned (e.g., 10m, 1h).
|
||||||
|
- `--findtime TEXT`: Time window for counting failed attempts before a ban (e.g., 10m).
|
||||||
|
- `--maxretry INTEGER`: Number of failed attempts allowed before a ban is triggered.
|
||||||
|
- `--maxmatches INTEGER`: Maximum number of stored matches for actions (defaults to maxretry).
|
||||||
|
- `--protocol TEXT`: Protocol to be banned (default: tcp).
|
||||||
|
- `--port TEXT`: Ports to ban (e.g., 0:65535 to ban all ports).
|
||||||
|
- `--chain TEXT`: Specify the chain where jumps will be added for ban actions.
|
||||||
|
- `--usedns TEXT`: Behavior for DNS lookups (yes, warn, no, raw).
|
||||||
|
- `--logencoding TEXT`: Encoding of the log files (e.g., utf-8, ascii, auto).
|
||||||
|
- `--action TEXT`: Default action for banning.
|
||||||
|
|
||||||
|
EX: action\_, action_mw, action_mwl, action_xarf, action_cf_mwl, action_abuseipdb
|
||||||
|
|
||||||
|
multiple values can be specified.
|
||||||
|
`--action action_ --action action_mw`
|
||||||
|
|
||||||
|
- `--mta TEXT`: Mail Transfer Agent (e.g., sendmail).
|
||||||
|
- `--sender TEXT`: Sender email address for notifications.
|
||||||
|
- `--destemail TEXT`: Destination email address for notifications.
|
||||||
|
- `--fail2ban-agent TEXT`: User-agent format for Fail2Ban.
|
||||||
|
- `--delete TEXT`: Delete an option from the jail.
|
||||||
|
|
||||||
|
Example: `--delete bantime`
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager config`
|
||||||
|
|
||||||
|
Configure fail2ban-manager's configuration.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager config [OPTIONS] COMMAND [ARGS]...
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
**Commands**:
|
||||||
|
|
||||||
|
- `reset`: Copy default configurations from `*.conf`...
|
||||||
|
|
||||||
|
### `fail2ban-manager config reset`
|
||||||
|
|
||||||
|
Copy default configurations from `*.conf` to `*.local` and json files.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager config reset [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager plugin`
|
||||||
|
|
||||||
|
Configure fail2ban-manager's plugins.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager plugin [OPTIONS] COMMAND [ARGS]...
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
**Commands**:
|
||||||
|
|
||||||
|
- `ls`: List installed plugins.
|
||||||
|
- `enable`: Enable a plugin.
|
||||||
|
- `disable`: Disable a plugin.
|
||||||
|
|
||||||
|
### `fail2ban-manager plugin ls`
|
||||||
|
|
||||||
|
List installed plugins.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager plugin ls [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
### `fail2ban-manager plugin enable`
|
||||||
|
|
||||||
|
Enable a plugin.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager plugin enable [OPTIONS] PLUGIN_NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `PLUGIN_NAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
### `fail2ban-manager plugin disable`
|
||||||
|
|
||||||
|
Disable a plugin.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager plugin disable [OPTIONS] PLUGIN_NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `PLUGIN_NAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
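Review bot: the `config reset` description ("Copy default configurations from `*.conf` to `*.local` and json files.") does not say whether existing `*.local` files are overwritten or backed up first. Because `.local` files hold the local overrides, state the overwrite behaviour in this section and, if the command is destructive, say so in the one-line summary under **Commands** as well. The `PLUGIN_NAME` argument of `plugin enable` and `plugin disable` also has no description; pointing readers to `plugin ls` for valid names would help.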
113
utilities/fail2ban-manager/plugins/cloudflare.md
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
---
|
||||||
|
title: fail2ban-manager plugin - cloudflare
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-16
|
||||||
|
---
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager cloudflare [OPTIONS] COMMAND [ARGS]...
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
**Commands**:
|
||||||
|
|
||||||
|
- `zones`: List configured zones
|
||||||
|
- `zone-info`: Show information about a zone.
|
||||||
|
- `create-zone`: Create a new zone in the database.
|
||||||
|
- `check-ip`: Check if an IP is banned based on rules...
|
||||||
|
- `ban`: Check if an IP is banned based on rules...
|
||||||
|
|
||||||
|
## `fail2ban-manager cloudflare zones`
|
||||||
|
|
||||||
|
List configured zones
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager cloudflare zones [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager cloudflare zone-info`
|
||||||
|
|
||||||
|
Show information about a zone.
|
||||||
|
|
||||||
|
This command will pull the rules from Cloudflare and update the database as well as display the rules in a table.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager cloudflare zone-info [OPTIONS] ZONE_ID
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `ZONE_ID`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager cloudflare create-zone`
|
||||||
|
|
||||||
|
Create a new zone in the database.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager cloudflare create-zone [OPTIONS] ZONE_ID NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `ZONE_ID`: [required]
|
||||||
|
- `NAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager cloudflare check-ip`
|
||||||
|
|
||||||
|
Check if an IP is banned based on rules cached in the database.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager cloudflare check-ip [OPTIONS] IP
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `IP`: IP Address to check [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager cloudflare ban`
|
||||||
|
|
||||||
|
Check if an IP is banned based on rules cached in the database.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager cloudflare ban [OPTIONS] ZONE_ID IP
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `ZONE_ID`: [required]
|
||||||
|
- `IP`: IP Address to ban [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
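Review bot: in the `ban` section and in the **Commands** list, the description is copied from `check-ip` ("Check if an IP is banned based on rules cached in the database."), while the `IP` argument reads "IP Address to ban". Replace it with text that says what `ban` does in the zone, and state whether it writes to Cloudflare or only to the local database. The page also goes from the front matter straight to **Usage** with no summary of the plugin, and `ZONE_ID` has no description in any command; a sentence on where to find the zone ID would help. For `check-ip`, it is worth saying that the result comes from cached rules, which `zone-info` is documented as updating, so a stale cache can give a wrong answer.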
176
utilities/fail2ban-manager/plugins/hetzner.md
Normal file
|
@ -0,0 +1,176 @@
|
||||||
|
---
|
||||||
|
title: fail2ban-manager plugin - hetzner
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-16
|
||||||
|
---
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner [OPTIONS] COMMAND [ARGS]...
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
**Commands**:
|
||||||
|
|
||||||
|
- `info`: Check the status of the Hetzner plugin.
|
||||||
|
- `update`: Update the configuration.
|
||||||
|
- `reset`: Reset the configuration to defaults.
|
||||||
|
- `token`: Set Hetzner API token.
|
||||||
|
- `firewall-info`: Pull the firewalls from the server.
|
||||||
|
- `whitelist`: Whitelist an IP address.
|
||||||
|
- `whitelist-cloudflare`: Whitelist Cloudflare IP addresses.
|
||||||
|
- `delete-rule`: Delete a firewall rule.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner info`
|
||||||
|
|
||||||
|
Check the status of the Hetzner plugin.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner info [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner update`
|
||||||
|
|
||||||
|
Update the configuration.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner update [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner reset`
|
||||||
|
|
||||||
|
Reset the configuration to defaults.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner reset [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner token`
|
||||||
|
|
||||||
|
Set Hetzner API token.
|
||||||
|
|
||||||
|
Warning: If token_str is specified, it will be save in plaintext in the database.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner token [OPTIONS] [TOKEN_STR]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `[TOKEN_STR]`: The Hetzner API token.
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--use-env`: Use the `HETZNER_TOKEN` environment variable.
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner firewall-info`
|
||||||
|
|
||||||
|
Pull the firewalls from the server.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner firewall-info [OPTIONS] FIREWALL_ID
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner whitelist`
|
||||||
|
|
||||||
|
Whitelist an IP address.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
fail2ban-manager hetzner whitelist <FIREWALLID> --self
|
||||||
|
fail2ban-manager hetzner whitelist <FIREWALLID> <IP>
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner whitelist [OPTIONS] FIREWALL_ID [IP] [PORT]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
|
||||||
|
- `[IP]`: An IP to whitelist.
|
||||||
|
- `[PORT]`: any, 443, 80-85 [default: any]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--self`: Whitelist the External IP of the current machine.
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner whitelist-cloudflare`
|
||||||
|
|
||||||
|
Whitelist Cloudflare IP addresses.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner whitelist-cloudflare [OPTIONS] FIREWALL_ID [PORT]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
|
||||||
|
- `[PORT]`: any, 443, 80-85 [default: 443]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager hetzner delete-rule`
|
||||||
|
|
||||||
|
Delete a firewall rule.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
fail2ban-manager hetzner delete-rule <FIREWALLID> "fail2ban-manager whitelist - <PORT>"
|
||||||
|
fail2ban-manager hetzner delete-rule <FIREWALLID> "fail2ban-manager cloudflare whitelist - <PORT>"
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager hetzner delete-rule [OPTIONS] FIREWALL_ID DESCRIPTION
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `FIREWALL_ID`: The ID of the firewall to pull from the server. [required]
|
||||||
|
- `DESCRIPTION`: The description of the rule to delete. [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
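Review bot: in the `token` section, the warning covers only storage ("it will be save in plaintext in the database", where "save" should be "saved"); a token passed as `[TOKEN_STR]` also lands in shell history and is visible in the process list. Recommend `--use-env` as the preferred form and state whether the token is still written to the database in that case. In `whitelist`, `[PORT]` defaults to `any` while `whitelist-cloudflare` defaults to 443; document the reason for the broader default or narrow it. The `## Examples` headings sit at the same level as the command headings and their commands are unfenced, and the `FIREWALL_ID` description ("The ID of the firewall to pull from the server.") is reused unchanged in `whitelist`, `whitelist-cloudflare` and `delete-rule`, which add or delete rules.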
144
utilities/fail2ban-manager/plugins/telegram.md
Normal file
|
@ -0,0 +1,144 @@
|
||||||
|
---
|
||||||
|
title: fail2ban-manager plugin - telegram
|
||||||
|
draft: true
|
||||||
|
date: 2025-01-16
|
||||||
|
---
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager telegram [OPTIONS] COMMAND [ARGS]...
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--install-completion`: Install completion for the current shell.
|
||||||
|
- `--show-completion`: Show completion for the current shell, to copy it or customize the installation.
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
**Commands**:
|
||||||
|
|
||||||
|
- `ls`: List all jails with Telegram notifications.
|
||||||
|
- `add-to-jail`: Add the Telegram provider to a jail.
|
||||||
|
- `remove-from-jail`: Remove the Telegram provider from a jail.
|
||||||
|
- `edit-message`: Set the message for a specific action.
|
||||||
|
- `enable-message`: Enable a message for a specific action in...
|
||||||
|
- `send`: Send a messague to a Telegram bot.
|
||||||
|
|
||||||
|
## `fail2ban-manager telegram ls`
|
||||||
|
|
||||||
|
List all jails with Telegram notifications.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager telegram ls [OPTIONS]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager telegram add-to-jail`
|
||||||
|
|
||||||
|
Add the Telegram provider to a jail.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager telegram add-to-jail [OPTIONS] JAILNAME TOKEN CHATID
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `JAILNAME`: [required]
|
||||||
|
- `TOKEN`: [env var: TELEGRAM_API_TOKEN; required]
|
||||||
|
- `CHATID`: [env var: TELEGRAM_CHAT_ID; required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager telegram remove-from-jail`
|
||||||
|
|
||||||
|
Remove the Telegram provider from a jail.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager telegram remove-from-jail [OPTIONS] JAILNAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `JAILNAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager telegram edit-message`
|
||||||
|
|
||||||
|
Set the message for a specific action.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager telegram edit-message [OPTIONS] JAILNAME ACTION MESSAGE
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `JAILNAME`: [required]
|
||||||
|
- `ACTION`: The action to send a message for. [required]
|
||||||
|
- `MESSAGE`: The action to send. [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager telegram enable-message`
|
||||||
|
|
||||||
|
Enable a message for a specific action in a jail.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager telegram enable-message [OPTIONS] JAILNAME
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `JAILNAME`: [required]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--start`: Enable message for start action.
|
||||||
|
- `--stop`: Enable message for stop action.
|
||||||
|
- `--check`: Enable message for check action.
|
||||||
|
- `--ban`: Enable message for ban action.
|
||||||
|
- `--unban`: Enable message for unban action.
|
||||||
|
- `--help`: Show this message and exit.
|
||||||
|
|
||||||
|
## `fail2ban-manager telegram send`
|
||||||
|
|
||||||
|
Send a messague to a Telegram bot.
|
||||||
|
|
||||||
|
**Usage**:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ fail2ban-manager telegram send [OPTIONS] ACTION JAILNAME [TOKEN] [CHATID]
|
||||||
|
```
|
||||||
|
|
||||||
|
**Arguments**:
|
||||||
|
|
||||||
|
- `ACTION`: The action to send a message for. [required]
|
||||||
|
- `JAILNAME`: Name of the jail sending the message [required]
|
||||||
|
- `[TOKEN]`: [env var: TELEGRAM_API_TOKEN]
|
||||||
|
- `[CHATID]`: [env var: TELEGRAM_CHAT_ID]
|
||||||
|
|
||||||
|
**Options**:
|
||||||
|
|
||||||
|
- `--ip TEXT`: IP address of the banned/unbanned IP
|
||||||
|
- `--failures INTEGER`: Number of failures before ban [default: 0]
|
||||||
|
- `--help`: Show this message and exit.
|
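Review bot: `add-to-jail` takes `TOKEN` and `CHATID` as required arguments, but the page does not say where they are stored; the hetzner page warns about plaintext storage of its token, and this page needs the same statement if it applies. Recommend the `TELEGRAM_API_TOKEN` and `TELEGRAM_CHAT_ID` environment variables over positional values so the bot token stays out of shell history. In `edit-message`, the `MESSAGE` description ("The action to send.") is copied from `ACTION`, and `ACTION` never lists its allowed values, although the `enable-message` flags suggest start, stop, check, ban and unban. `enable-message` documents no way to turn a message off again, and "messague" in the `send` description and in the **Commands** list is a typo.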