From 69a60e8a787f4843515d391ddb925ec3317b0019 Mon Sep 17 00:00:00 2001
From: Elian Loraux <elian.loraux@tetras-libre.fr>
Date: Wed, 12 Feb 2025 10:09:41 +0100
Subject: [PATCH] add ingore domain for fail2ban in .env

---
 main.env.sample               |  5 +++++
 utils/configure_base_tools.sh | 27 +++++++++++++++++++++++++--
 utils/getIgnoreIp.sh          | 26 ++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 utils/getIgnoreIp.sh

diff --git a/main.env.sample b/main.env.sample
index 30a746d..f1c589d 100644
--- a/main.env.sample
+++ b/main.env.sample
@@ -13,6 +13,11 @@ export DOMAIN="dev.tetras-libre.fr"
 
 export SERVER_ADMIN="sysadmin@tetras-libre.fr"
 
+export IGNORE_DOMAINES=(
+    "tetrix.tetras-libre.fr"
+    "piculus.tetras-libre.fr"
+)
+
 # can be set to nginx
 export WEB_SERVER="apache2"
 # You can define here some services that are badly detected by checkrestart
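Review bot: The new `IGNORE_DOMAINES` block at the `export IGNORE_DOMAINES=(` line has no comment, although it decides which hosts fail2ban will never ban; something like `# Hosts whose resolved IPs go into fail2ban ignoreip (never banned); keep this list short` would make that clear to whoever edits main.env. Bash does not pass arrays to child processes, so the `export` only has an effect in the shell that sources this file; a plain `IGNORE_DOMAINES=( ... )` states the same thing without implying more. The hard-coded list this replaces in utils/configure_base_tools.sh also contained servermon.tetras-libre.fr, which is missing from the sample; if that is not intentional, add it here.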
diff --git a/utils/configure_base_tools.sh b/utils/configure_base_tools.sh
index 0952246..622cb42 100755
--- a/utils/configure_base_tools.sh
+++ b/utils/configure_base_tools.sh
@@ -1,6 +1,18 @@
 #!/bin/bash
+set -o nounset                              # Treat unset variables as an error
+
 echo "RUN $(basename "$0") ==="
 
+DIR=$(realpath $(dirname $0)/..)
+if [ ! -e $DIR/main.env ]
+then
+    echo "Please copy in racine of NoCloud Auto Installer main.env.sample to main.env and edit it"
+    exit 1
+else
+    echo "Environment file loaded"
+fi
+. $DIR/main.env
+
 
 if [ -z "$(grep '^alias ls=' /root/.bashrc)" ]
 then
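Review bot: The added `DIR=$(realpath $(dirname $0)/..)`, `[ ! -e $DIR/main.env ]` and `. $DIR/main.env` are unquoted, so a checkout path containing spaces or glob characters breaks both the existence test and the source; use `DIR=$(realpath "$(dirname "$0")/..")` and `. "$DIR/main.env"`. "Environment file loaded" is printed before the file is sourced and the result of `.` is never checked, so the message can appear even when loading fails; `. "$DIR/main.env" || exit 1` followed by the echo would be accurate. The script writes under /root and /etc/fail2ban, so it presumably runs as root and main.env is executed with those privileges; a comment saying the file must be root-owned and not writable by others would help. The `if` block at the end of the hunk continues outside it.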
@@ -35,10 +47,21 @@ syntax on
 filetype plugin indent on
 EOF
 
+ignoreips=()
+
+for domaine in "${IGNORE_DOMAINES[@]}"; do
+    # Utilise dig pour obtenir l'adresse IP
+    ip=$(dig +short "$domaine")
+    ignoreips=("${ignoreips[@]}" $ip)
+    # Affiche le nom de domaine et l'adresse IP
+    echo "$domaine : $ip"
+done
+
 cat <<EOF > /etc/fail2ban/jail.local
 [DEFAULT]
 
-# Ignore Tetras Libre IPs
-ignoreip = 127.0.0.1/8 ::1 $(dig +short servermon.tetras-libre.fr | tail -n 1) $(dig +short tetrix.tetras-libre.fr | tail -n 1) $(docker network inspect traefik | awk '/Subnet/{print $2}' | sed -e 's/"//g' -e 's/,$//')
+ignoreip = 127.0.0.1/8 ::1 ${ignoreips[@]} $(docker network inspect traefik | awk '/Subnet/{print $2}' | sed -e 's/"//g' -e 's/,$//')
+
 EOF
+
 fail2ban-client reload
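Review bot: Everything `dig +short "$domaine"` prints is appended unquoted to `ignoreips` and then written into `ignoreip`, whereas the removed line kept only the last answer line with `tail -n 1`. For a name behind a CNAME the output also contains the alias target, and on a resolver failure dig can print its `;; ...` diagnostic on stdout, so stray words can land in jail.local. Because this list exempts hosts from banning, I would keep only tokens that look like an address and warn about the rest, as sketched below (IPv4 only; AAAA records would need a second query). The same loop is repeated in utils/getIgnoreIp.sh and needs the same change. With `set -o nounset` now enabled, a main.env written before this commit has no `IGNORE_DOMAINES`, which may abort at the `for` line depending on the bash version; a default such as `IGNORE_DOMAINES=("${IGNORE_DOMAINES[@]:-}")` handling or an explicit check would avoid that.

```shell
ignoreips=()

for domaine in "${IGNORE_DOMAINES[@]}"; do
    # dig +short may print CNAME targets or ";; ..." diagnostics on stdout;
    # only lines shaped like an IPv4 address are allowed into ignoreip.
    while IFS= read -r ip; do
        if [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
            ignoreips+=("$ip")
            echo "$domaine : $ip"
        else
            echo "Ignoring non-address answer for $domaine: $ip" >&2
        fi
    done < <(dig +short A "$domaine")
done

# … unchanged: heredoc writing /etc/fail2ban/jail.local and fail2ban-client reload …
```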
diff --git a/utils/getIgnoreIp.sh b/utils/getIgnoreIp.sh
new file mode 100644
index 0000000..f8cdad8
--- /dev/null
+++ b/utils/getIgnoreIp.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -o nounset                              # Treat unset variables as an error
+
+echo "RUN $(basename "$0") ==="
+
+DIR=$(realpath $(dirname $0)/..)
+if [ ! -e $DIR/main.env ]
+then
+    echo "Please copy in racine of NoCloud Auto Installer main.env.sample to main.env and edit it"
+    exit 1
+else
+    echo "Environment file loaded"
+fi
+. $DIR/main.env
+
+
+ignoreips=()
+
+for domaine in "${IGNORE_DOMAINES[@]}"; do
+    # Utilise dig pour obtenir l'adresse IP
+    ip=$(dig +short "$domaine")
+    ignoreips=("${ignoreips[@]}" $ip)
+    # Affiche le nom de domaine et l'adresse IP
+    echo "$domaine : $ip"
+done
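Review bot: This new script repeats the main.env loading and the `dig` loop from utils/configure_base_tools.sh line for line, and nothing visible in the commit calls it; the `ignoreips` array it fills is lost when the script exits, so its only effect is the `echo "$domaine : $ip"` output. If it is meant as a dry-run helper, a header comment such as `# Prints the IPs that configure_base_tools.sh would add to fail2ban ignoreip; changes nothing` would say so, and the loop is better kept in one place (a function in a file both scripts source) so the two copies cannot drift apart. The file is created with mode 100644 while configure_base_tools.sh is 100755, so it cannot be run directly as committed.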
-- 
GitLab