From 7239a9e41b41a3a952fcf49ada3cf288f87b23fc Mon Sep 17 00:00:00 2001 From: Wolfgang Date: Tue, 2 Apr 2024 10:49:19 +0200 Subject: [PATCH] Modify testing workflow, bump unbound, alpine and adguard versions, fix f2b on Debian 12 --- .github/workflows/ci.yml | 18 +++++++----------- roles/dns/templates/Dockerfile | 6 +++--- roles/fail2ban/templates/jail.local.j2 | 1 + 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 88fe2a7..b7d933e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -161,8 +161,6 @@ jobs: - name: Install git and expect (Debian-based) run: ssh root@$SERVER_IPV4 apt install -y git expect wamerican - - - uses: infraway/create-dns-record@v2.0 with: type: "A" @@ -429,15 +427,13 @@ jobs: - name: Delete all Cloudflare domains run: >- - curl -s -X GET https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records?per_page=500 - -H "Authorization: Bearer $CLOUDFLARE_TOKEN" - -H "Content-Type: application/json" | - jq .result[].id | - tr -d '"' | - ( while read id; do curl -s -X DELETE - https://api.cloudflare.com/client/v4/zones/5420f91fefac252d89d9495a8d35ae73/dns_records/${id} - -H "Authorization: Bearer $CLOUDFLARE_TOKEN" - -H "Content-Type: application/json"; done; ) + curl --silent "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?per_page=50000" \ + --header "Authorization: Bearer $CLOUDFLARE_TOKEN" \ + | jq --raw-output '.result[].id' | while read id + do + curl --silent --request DELETE "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$id" \ + --header "Authorization: Bearer $CLOUDFLARE_TOKEN" + done env: CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE }} diff --git a/roles/dns/templates/Dockerfile b/roles/dns/templates/Dockerfile index 4595f36..0557dfe 100644 --- a/roles/dns/templates/Dockerfile +++ b/roles/dns/templates/Dockerfile 
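Review bot: In the rewritten `Delete all Cloudflare domains` step of `.github/workflows/ci.yml`, a failed API call goes unnoticed. `curl --silent` without `--fail` exits 0 on an HTTP 401/403, and the visible step sets no `shell:`, so GitHub runs it without `pipefail` and the step's status is that of the `while` loop alone. An expired or under-scoped `CLOUDFLARE_TOKEN` would then leave the test A records in place while the job stays green, and records that still point at released server addresses are a dangling-DNS exposure. I would use `curl --silent --show-error --fail` on both calls and add `shell: bash` to the step, which makes GitHub run it with `-eo pipefail`. Separately, the script sits in a folded scalar (`run: >-`), and whether the `\` continuations and the `do`/`done` lines stay on separate lines depends on indentation that cannot be recovered from this view; a literal block (`run: |`) would remove the doubt.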
@@ -1,9 +1,9 @@ -FROM alpine:3.15 +FROM alpine:3.18 RUN apk add --no-cache \ libcap \ - unbound=1.13.2-r2 \ + unbound=1.19.3-r0 \ dnscrypt-proxy WORKDIR /tmp @@ -13,7 +13,7 @@ RUN wget https://www.internic.net/domain/named.root -qO- >> /etc/unbound/root.hi COPY files/ /opt/ # AdGuardHome -RUN wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.16/AdGuardHome_linux_{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}.tar.gz >/dev/null 2>&1 \ +RUN wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.46/AdGuardHome_linux_{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}.tar.gz >/dev/null 2>&1 \ && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work \ && tar xf AdGuardHome_linux_{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}.tar.gz ./AdGuardHome/AdGuardHome --strip-components=2 -C /opt/adguardhome \ && /bin/ash /opt/adguardhome \ diff --git a/roles/fail2ban/templates/jail.local.j2 b/roles/fail2ban/templates/jail.local.j2 index fb6cc96..1c9e091 100755 --- a/roles/fail2ban/templates/jail.local.j2 +++ b/roles/fail2ban/templates/jail.local.j2 @@ -9,6 +9,7 @@ destemail = {{ email }} sender = {{ email }} [sshd] +backend = systemd enabled = true port = {{ ssh_port }} filter = sshd
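Review bot: The bumped `wget` line in the `# AdGuardHome` step of `roles/dns/templates/Dockerfile` still unpacks the release tarball without verifying it, and `>/dev/null 2>&1` hides any download error from the build log. Since this binary ships in the DNS image, I would pin a SHA-256 per architecture and check it before `tar xf`, for example `&& echo "<SHA256_FOR_THIS_ARCH>  AdGuardHome_linux_<arch>.tar.gz" | sha256sum -c - \`, with the digest taken from the checksums published with the upstream release. The first hunk has a milder form of the same gap: `alpine:3.18` is a mutable tag and only `unbound` is version-pinned, so a digest on `FROM` would make the build reproducible. The `RUN` chain continues past the end of the hunk, so its later steps are not reviewed here.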
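Review bot: `backend = systemd` under `[sshd]` in `roles/fail2ban/templates/jail.local.j2` applies to every host the template is rendered for, and nothing in this commit installs the Python journal bindings that backend needs (`python3-systemd` on Debian). If they are missing the sshd jail may fail to start, leaving SSH without brute-force banning. The role should install the package, unless it already does so outside this diff, or set the backend conditionally per distribution. Assuming the commit title's "fix f2b on Debian 12" is the reason, a one-line comment above the setting would record it, e.g. `# Debian 12 logs sshd to the journal only; the default file backend finds no auth.log`.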