Types to install fail2ban

- Install fail2ban server and client
- Configure path overrides
- Enable and configure jails

cdist/conf/type/__fail2ban/gencode-remote

@@ -0,0 +1,24 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+if [ -f "$__object/parameter/path-override" ]; then
+    echo "fail2ban-client reload"
+fi

cdist/conf/type/__fail2ban/man.rst

@@ -0,0 +1,53 @@
+cdist-type__fail2ban(7)
+=======================
+
+NAME
+----
+cdist-type__fail2ban - TODO
+
+
+DESCRIPTION
+-----------
+This space intentionally left blank.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # TODO
+    __fail2ban
+
+
+SEE ALSO
+--------
+:strong:`TODO`\ (7)
+
+
+AUTHORS
+-------
+Daniel Fancsali <fancsali@gmail.com>
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__fail2ban/manifest

@@ -0,0 +1,43 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+   debian|ubuntu|devuan)
+      :
+   ;;
+   *)
+      printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+      printf "Please contribute an implementation for it if you can.\n" >&2
+      exit 1
+   ;;
+esac
+
+
+__package_apt fail2ban
+
+if [ -f "$__object/parameter/path-override" ]; then
+    (
+        echo [DEFAULT]
+        cat "$__object/parameter/path-override"
+    ) |  __file /etc/fail2ban/paths-overrides.local --mode 644 --source -
+fi

cdist/conf/type/__fail2ban/parameter/optional_multiple

@@ -0,0 +1 @@
+path-override

cdist/conf/type/__fail2ban_jail/gencode-remote

@@ -0,0 +1,22 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+echo "fail2ban-client reload"

cdist/conf/type/__fail2ban_jail/man.rst

@@ -0,0 +1,53 @@
+cdist-type__fail2ban_jail(7)
+============================
+
+NAME
+----
+cdist-type__fail2ban_jail - TODO
+
+
+DESCRIPTION
+-----------
+This space intentionally left blank.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # TODO
+    __fail2ban_jail
+
+
+SEE ALSO
+--------
+:strong:`TODO`\ (7)
+
+
+AUTHORS
+-------
+Daniel Fancsali <fancsali@gmail.com>
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__fail2ban_jail/manifest

@@ -0,0 +1,46 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+   debian|ubuntu|devuan)
+      :
+   ;;
+   *)
+      printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+      printf "Please contribute an implementation for it if you can.\n" >&2
+      exit 1
+   ;;
+esac
+
+export require="__fail2ban"
+
+__file /etc/fail2ban/jail.local --mode 644
+
+export require="__file/etc/fail2ban/jail.local"
+(
+    echo [$__object_id]
+    echo "enabled = true"
+    if [ -f "$__object/parameter/override" ]; then
+        cat "$__object/parameter/override"
+    fi
+) |  __block /etc/fail2ban/jail.local:$__object_id --file /etc/fail2ban/jail.local --text -

cdist/conf/type/__fail2ban_jail/parameter/optional_multiple

@@ -0,0 +1 @@
+override