I’ve recently set up fail2ban for ssh on one of my servers using https://galaxy.ansible.com/tersmitten/fail2ban/ . This was very easy, and I’m loving galaxy.
Now, I’m wanting to extend fail2ban to also block IPs that have failed basic auth checks in Apache too many times. Since all my hosts run ssh, but not all run Apache, I’ve created a new role for this (cleverly named ‘apache’, while the first is ‘common’). However, as shown in the fail2ban role’s README, configuration of individual services is done with an array, fail2ban_services, and redefining that in my apache role overwrites what was defined in common (or, due to timing, vice versa).
I’ve seen that I can change the hash behavior0, which would seem to do what I want. I’m wary of this, however, since it’s a global change.
There is also the combine filter for jinja1, but reports2 indicate I can’t do what I want, which would be
fail2ban_services: “{{ fail2ban_services | combine({…}) }}”
Is there another method to do this combination? Or perhaps am I going about this the wrong way, and should be architecting this differently?
Thanks.
- jph