From 29363ebf80ec0591a3bce5454c7eb45e6c6f7b92 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface"
Date: Fri, 1 Sep 2023 15:42:25 -0400
Subject: [PATCH] Allow configurable fail2ban IPs
---
 roles/base/defaults/main.yml | 2 ++
 roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2 | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index 4111dcb..663af4f 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -1,2 +1,4 @@
 ---
 deploy_username: "deploy"
+fail2ban_ignorelist:
+ - 10.0.0.0/8
diff --git a/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2 b/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
index 1ba69dd..f58b046 100644
--- a/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
+++ b/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
@@ -1,7 +1,7 @@
 [DEFAULT]
 maxretry = 3
 bantime = 14400
-ignoreip = 127.0.0.0/8 10.0.0.0/8 198.55.48.48/28
+ignoreip = 127.0.0.0/8 {% for ignore in fail2ban_ignorelist %}{{ ignore }} {% endfor %}
 [ssh]
 enabled = true
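Review bot: The new default `fail2ban_ignorelist` exempts all of `10.0.0.0/8` from banning, so any host in that private range can keep retrying SSH logins without ever hitting `maxretry`; a role default this broad weakens brute-force protection against an already-compromised internal machine. Consider defaulting to an empty list (the template always adds `127.0.0.0/8`) or to the specific management subnet, and documenting the variable with a comment such as `# CIDRs fail2ban must never ban; keep as narrow as possible, 127.0.0.0/8 is added by the template`. The previously hard-coded `198.55.48.48/28` is not carried into the default, so hosts that relied on it become bannable from that range unless inventory sets it; if that is intended, the commit message should say so.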
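Review bot: The `ignoreip` line renders whatever `fail2ban_ignorelist` contains with no validation, so an inventory override that is a plain string is iterated character by character, and a malformed or overly broad entry lands in the jail config and quietly changes who is exempt from banning. The loop also leaves a trailing space on the line; `ignoreip = 127.0.0.0/8 {{ fail2ban_ignorelist | join(' ') }}` renders the same list more readably. It would help to add an `assert` task in the role, before the template is deployed, that checks the variable is a list of valid CIDR strings, so that a bad override fails the play instead of silently altering the allowlist.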