From c371f77e3b277a89a3f80e2991e9656ac13ef1b7 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Fri, 5 Apr 2024 16:32:13 -0700
Subject: [PATCH] nextcloud: Remove fail2ban jail, brute force protection present

Nextcloud has a built-in brute force protection[1]. Combined with good password policies, fail2ban is not required. Built-in protection is better than fail2ban because, fail2ban makes the service unavailable which causes some confusion to a genuine user.
Links:
1) https://docs.nextcloud.com/server/19/admin_manual/configuration_server/bruteforce_configuration.html

Signed-off-by: Sunil Mohan Adapa
Reviewed-by: James Valleroy
---
 plinth/modules/nextcloud/__init__.py | 2 --
 .../etc/fail2ban/filter.d/nextcloud-freedombox.conf | 7 -------
 .../etc/fail2ban/jail.d/nextcloud-freedombox.conf | 4 ----
 3 files changed, 13 deletions(-)
 delete mode 100644 plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/filter.d/nextcloud-freedombox.conf
 delete mode 100644 plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/jail.d/nextcloud-freedombox.conf

diff --git a/plinth/modules/nextcloud/__init__.py b/plinth/modules/nextcloud/__init__.py
index 5e1cad381..4c3b1dbe4 100644
--- a/plinth/modules/nextcloud/__init__.py
+++ b/plinth/modules/nextcloud/__init__.py
@@ -72,8 +72,6 @@ class NextcloudApp(app_module.App):
 dropin_configs = DropinConfigs('dropin-configs-nextcloud', [
 '/etc/apache2/conf-available/nextcloud-freedombox.conf',
- '/etc/fail2ban/jail.d/nextcloud-freedombox.conf',
- '/etc/fail2ban/filter.d/nextcloud-freedombox.conf',
 '/etc/redis/conf.d/freedombox.conf',
 ])
 self.add(dropin_configs)
diff --git a/plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/filter.d/nextcloud-freedombox.conf b/plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/filter.d/nextcloud-freedombox.conf
deleted file mode 100644
index 7f2f0ad4b..000000000
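Review bot: With the two `/etc/fail2ban/...` entries dropped from the `DropinConfigs` list, failed-login throttling for this app rests entirely on Nextcloud's built-in brute force protection, and nothing visible in the patch confirms that Nextcloud sees the real client address. The list still installs `/etc/apache2/conf-available/nextcloud-freedombox.conf`, which suggests Nextcloud is reached through Apache; if Apache acts as a reverse proxy, Nextcloud's `trusted_proxies` setting should be checked so that throttling is applied per client rather than to the proxy address. The diffstat shows only these two deletions in `__init__.py`, so it is also worth verifying that upgraded systems do not keep stale `nextcloud-freedombox.conf` entries under `/etc/fail2ban/jail.d/` and `/etc/fail2ban/filter.d/` once the data files are gone. A short comment above the list would record the decision, e.g. `# No fail2ban jail: failed logins are throttled by Nextcloud's built-in brute force protection.` The enclosing method starts and ends outside the hunk.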
--- a/plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/filter.d/nextcloud-freedombox.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[INCLUDES]
-before = common.conf
-
-[Definition]
-_daemon = apache-access
-prefregex = %(__prefix_line)s
-failregex = \S+ (?::\d+)? - \S+ \[[^\]]*\] "GET /nextcloud/login\?direct=1&user=\S+ HTTP/\S+" 200
diff --git a/plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/jail.d/nextcloud-freedombox.conf b/plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/jail.d/nextcloud-freedombox.conf
deleted file mode 100644
index a634a6ef9..000000000
--- a/plinth/modules/nextcloud/data/usr/share/freedombox/etc/fail2ban/jail.d/nextcloud-freedombox.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-[nextcloud-freedombox]
-enabled = true
-filter = nextcloud-freedombox
-journalmatch = SYSLOG_IDENTIFIER=apache-access