From 0ffb1b1a36450314d7fe54f36163c2fa4d3c9558 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Tue, 4 Jan 2022 15:10:02 +0200
Subject: [PATCH] roles/common: use pyinotify backend for nginx fail2ban jail

This seems to be automatically selected, but on some other servers
I notice it is not. I will set it here explicitly so fail2ban does
not fall back to the inefficient "polling" or incorrect "systemd"
backends.
---
 roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2 b/roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2
index 8051798..ed934b9 100644
--- a/roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2
+++ b/roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2
@@ -9,6 +9,7 @@ banaction=nftables[type=allports]
 # Integrate with firewalld and ipsets
 banaction = firewallcmd-ipset
 {% endif %}
+backend   = pyinotify
 logpath   = /var/log/nginx/*-access.log
 # Try to find a non-existent wp-login.php once and get banned. Tough luck.
 maxretry  = 1