From 8c2405c7b714ba17b2ccb81a3d714705303117d3 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@lunch.org.uk>
Date: Mon, 27 Feb 2023 14:44:50 +0000
Subject: [PATCH] Add fail2ban and firewalld and test out with hedwig.

---
 states/debian/init.sls      | 6 ++++++
 states/fail2ban/init.sls    | 5 +++++
 states/firewalls/hedwig.sls | 8 ++++++++
 states/top.sls              | 2 ++
 4 files changed, 21 insertions(+)
 create mode 100644 states/fail2ban/init.sls
 create mode 100644 states/firewalls/hedwig.sls

diff --git a/states/debian/init.sls b/states/debian/init.sls
index 3a385b7..a897192 100644
--- a/states/debian/init.sls
+++ b/states/debian/init.sls
@@ -13,3 +13,9 @@ ntp:
   service.running:
     - require:
       - pkg: ntp
+
+firewalld:
+  pkg.installed: []
+  service.running:
+    - enable: true
+    - restart: true
diff --git a/states/fail2ban/init.sls b/states/fail2ban/init.sls
new file mode 100644
index 0000000..40f6ab2
--- /dev/null
+++ b/states/fail2ban/init.sls
@@ -0,0 +1,5 @@
+fail2ban:
+  pkg.installed: []
+  service.running:
+    - enable: True
+    - reload: True
diff --git a/states/firewalls/hedwig.sls b/states/firewalls/hedwig.sls
new file mode 100644
index 0000000..dd5d8a9
--- /dev/null
+++ b/states/firewalls/hedwig.sls
@@ -0,0 +1,8 @@
+hedwig_public:
+  firewalld.present:
+    - name: public
+    - default: False
+    - ports:
+      - 22/tcp
+    - require:
+      - firewalld
diff --git a/states/top.sls b/states/top.sls
index 955bc09..1544f48 100644
--- a/states/top.sls
+++ b/states/top.sls
@@ -4,6 +4,8 @@ base:
   
   'hedwig.lunch.org.uk':
     - debian
+    - fail2ban
+    - firewalls/hedwig
 
   'scabbers.lunch.org.uk':
     - debian