From 70ba4b240f604d82bcfb8578807558f43bee6776 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Tue, 13 Apr 2021 16:44:49 -0400
Subject: [PATCH] Allow configurable fail2ban IPs

---
 roles/base/defaults/main.yml                           | 2 ++
 roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2 | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index 4111dcb..663af4f 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -1,2 +1,4 @@
 ---
 deploy_username: "deploy"
+fail2ban_ignorelist:
+  - 10.0.0.0/8
diff --git a/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2 b/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
index 1ba69dd..f58b046 100644
--- a/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
+++ b/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
@@ -1,7 +1,7 @@
 [DEFAULT]
 maxretry    = 3
 bantime     = 14400
-ignoreip    = 127.0.0.0/8 10.0.0.0/8 198.55.48.48/28
+ignoreip    = 127.0.0.0/8 {% for ignore in fail2ban_ignorelist %}{{ ignore }} {% endfor %}
 
 [ssh]
 enabled     = true