From 61ec6091e1dc00f690b1eb8a1a624f9e73daf324 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sat, 12 Oct 2019 11:54:44 +0100
Subject: [PATCH] Enable fail2ban for tile caches

---
 cookbooks/tilecache/metadata.rb        | 1 +
 cookbooks/tilecache/recipes/default.rb | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/cookbooks/tilecache/metadata.rb b/cookbooks/tilecache/metadata.rb
index 20ea55c6e..a20748624 100644
--- a/cookbooks/tilecache/metadata.rb
+++ b/cookbooks/tilecache/metadata.rb
@@ -10,3 +10,4 @@ depends           "ssl"
 depends           "squid"
 depends           "nginx"
 depends           "munin"
+depends           "fail2ban"
diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb
index f3b8382fb..4afda5568 100644
--- a/cookbooks/tilecache/recipes/default.rb
+++ b/cookbooks/tilecache/recipes/default.rb
@@ -22,6 +22,7 @@ require "ipaddr"
 include_recipe "ssl"
 include_recipe "squid"
 include_recipe "nginx"
+include_recipe "fail2ban"
 
 package "apache2" do
   action :remove
@@ -135,6 +136,10 @@ template "/etc/logrotate.d/nginx" do
   mode 0o644
 end
 
+fail2ban_jail "squid" do
+  maxretry 1000
+end
+
 tilerenders.each do |render|
   munin_plugin "ping_#{render[:fqdn]}" do
     target "ping_"
-- 
2.43.2