Ansible fixes

ansible/README.md

@@ -37,7 +37,7 @@ Each role can be used independently or together via the main playbook.
 
    Or pass the API token directly:
    ```bash
-   ansible-playbook playbook.yml -e gen0sec_api_token=your_key_here
+   ansible-playbook playbook.yml -e gen0sec_api_key=your_key_here
    ```
 
 ## Playbook Features
@@ -58,7 +58,7 @@ Each role can be used independently or together via the main playbook.
 
 - `synapse_version`: Version of synapse to install (default: `0.3.2`)
 - `synapse_branch`: GitHub branch for configuration files (default: `main`)
-- `gen0sec_api_token`: Gen0Sec API token (used for both synapse and fail2ban, optional, can be set later)
+- `gen0sec_api_key`: Gen0Sec API key (used for both synapse and fail2ban, optional, can be set later)
 - `clamav_enabled`: Enable ClamAV installation and configuration (default: `true`)
 - `redis_enabled`: Enable Redis installation (default: `true`)
 

ansible/group_vars/all.example.yml

@@ -9,7 +9,7 @@ synapse_version: "0.3.2"
 synapse_branch: "main"
 
 # Gen0Sec API token (required - used for both synapse and fail2ban)
-gen0sec_api_token: "your_api_key_here"
+gen0sec_api_key: "your_api_key_here"
 
 # Optional services
 clamav_enabled: true  # Set to false to disable ClamAV installation

ansible/hosts.example

@@ -1,13 +1,36 @@
 # Example inventory file
 # Copy this to 'hosts' and configure your target servers
 
-# Single host
-synapse-host
+# Single host (defaults to agent mode)
+# synapse-host ansible_user=root
 
-# Or with connection details:
-# synapse-host ansible_host=192.168.1.100 ansible_user=root
+# With explicit mode (agent = monitoring only, proxy = full reverse proxy)
+# my-agent ansible_host=192.168.1.100 ansible_user=root synapse_config_mode=agent
+# my-proxy ansible_host=192.168.1.101 ansible_user=root synapse_config_mode=proxy
 
-# Or multiple hosts:
-# [synapse-servers]
-# server1 ansible_host=192.168.1.100
-# server2 ansible_host=192.168.1.101
+# Per-host API key
+# agent1 ansible_user=root synapse_config_mode=agent gen0sec_api_key=key-for-agent1
+# agent2 ansible_user=root synapse_config_mode=agent gen0sec_api_key=key-for-agent2
+
+# Group-based configuration (recommended for multiple hosts)
+# [agents]
+# agent1 ansible_host=192.168.1.100
+# agent2 ansible_host=192.168.1.101
+#
+# [agents:vars]
+# synapse_config_mode=agent
+#
+# [proxies]
+# proxy1 ansible_host=192.168.1.200
+#
+# [proxies:vars]
+# synapse_config_mode=proxy
+# redis_enabled=true
+# clamav_enabled=true
+#
+# [synapse:children]
+# agents
+# proxies
+#
+# [synapse:vars]
+# gen0sec_api_key=your-api-key-here

ansible/playbook.yml

@@ -5,7 +5,8 @@
   vars:
     synapse_version: "0.3.2"
     synapse_branch: "main"
-    gen0sec_api_token: ""  # Gen0Sec API token (used for both synapse and fail2ban)
+    g0s_api_key: ""  # Shorthand alias for gen0sec_api_key
+    gen0sec_api_key: "{{ g0s_api_key }}"  # Gen0Sec API key (used for both synapse and fail2ban)
     # Optional services
     clamav_enabled: true  # Set to false to disable ClamAV installation
     redis_enabled: true   # Set to false to disable Redis installation

ansible/roles/fail2ban/README.md

@@ -5,7 +5,7 @@ This role configures Fail2Ban with Gen0Sec API integration.
 ## Role Variables
 
 - `fail2ban_enabled`: Enable Fail2Ban integration (default: `false`)
-- `gen0sec_api_token`: Gen0Sec API token (used for both synapse and fail2ban)
+- `gen0sec_api_key`: Gen0Sec API key (used for both synapse and fail2ban)
 - `gen0sec_expiration`: Block expiration time in seconds (default: `600`)
 - `fail2ban_jail_enabled`: Enable fail2ban jails (default: `true`)
 - `fail2ban_backend`: Fail2Ban backend (default: `systemd`)
@@ -27,7 +27,7 @@ Include in a playbook:
     - role: fail2ban
       vars:
         fail2ban_enabled: true
-        gen0sec_api_token: "your_token"
+        gen0sec_api_key: "your_key"
 ```
 
 Or conditionally:

ansible/roles/fail2ban/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 # Default variables for fail2ban role
 fail2ban_enabled: false
-gen0sec_api_token: ""
+gen0sec_api_key: ""
 gen0sec_expiration: 600
 fail2ban_jail_enabled: true
 fail2ban_backend: systemd

ansible/roles/fail2ban/tasks/main.yml

@@ -10,34 +10,14 @@
     name: jq
     state: present
 
-- name: Download Gen0Sec action file
-  ansible.builtin.get_url:
-    url: "https://raw.githubusercontent.com/gen0sec/example/refs/heads/main/fail2ban/gen0sec.conf"
+- name: Deploy Gen0Sec action file from template
+  ansible.builtin.template:
+    src: gen0sec.conf.j2
     dest: /etc/fail2ban/action.d/gen0sec.conf
     mode: '0640'
     owner: root
     group: root
-
-- name: Configure Gen0Sec API token
-  ansible.builtin.replace:
-    path: /etc/fail2ban/action.d/gen0sec.conf
-    regexp: '^g0stoken\s*=.*$'
-    replace: 'g0stoken = {{ gen0sec_api_token }}'
-  when: gen0sec_api_token != ""
-
-- name: Configure Gen0Sec expiration
-  ansible.builtin.replace:
-    path: /etc/fail2ban/action.d/gen0sec.conf
-    regexp: '^expiration\s*=\s*<bantime>.*$'
-    replace: 'expiration = {{ gen0sec_expiration }}'
-
-- name: Ensure token is set in configuration file (fallback)
-  ansible.builtin.lineinfile:
-    path: /etc/fail2ban/action.d/gen0sec.conf
-    regexp: '^g0stoken\s*='
-    line: 'g0stoken = {{ gen0sec_api_token }}'
-    state: present
-  when: gen0sec_api_token != ""
+  when: gen0sec_api_key != ""
 
 - name: Configure DEFAULT section in jail.local
   ansible.builtin.blockinfile:

ansible/roles/fail2ban/templates/gen0sec.conf.j2

@@ -0,0 +1,69 @@
+#
+# Gen0Sec API action file for Fail2Ban
+#
+# IMPORTANT
+#
+# Please set jail.local's permission to 640 because it contains your Gen0Sec API token.
+#
+# This action depends on curl (and optionally jq).
+#
+# To get your Gen0Sec API token, visit your Gen0Sec dashboard.
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = curl -s -o /dev/null -X POST https://api.gen0sec.com/v1/signal \
+            -H 'Content-Type: application/json' \
+            -H 'Authorization: Bearer <g0stoken>' \
+            -H 'User-Agent: Fail2Ban by Gen0Sec' \
+            -d '[{"type":"access_rules","action":"block","ip":"<ip>","expiration":<expiration>,"description":"Fail2Ban <name>","name":"Fail2Ban"}]'
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# Note: Gen0Sec unban implementation depends on the API endpoint for removing rules.
+# If the API supports DELETE or a similar method, update this accordingly.
+actionunban = curl -s -o /dev/null -X POST https://api.gen0sec.com/v1/signal \
+              -H 'Content-Type: application/json' \
+              -H 'Authorization: Bearer <g0stoken>' \
+              -H 'User-Agent: Fail2Ban by Gen0Sec' \
+              -d '[{"type":"access_rules","action":"unblock","ip":"<ip>","expiration":0,"description":"Fail2Ban unban <name>","name":"Fail2Ban"}]'
+
+[Init]
+
+# Your Gen0Sec API Bearer token
+g0stoken = {{ gen0sec_api_key }}
+
+# Expiration time in seconds (default: 600 = 10 minutes)
+expiration = {{ gen0sec_expiration }}

ansible/roles/synapse/README.md

@@ -6,7 +6,7 @@ This role installs and configures synapse.
 
 - `synapse_version`: Version of synapse to install (default: `0.3.2`)
 - `synapse_branch`: GitHub branch for configuration files (default: `main`)
-- `gen0sec_api_token`: Gen0Sec API token to set in config.yaml (optional)
+- `gen0sec_api_key`: Gen0Sec API key to set in config.yaml (optional)
 - `clamav_enabled`: Enable ClamAV installation and configuration (default: `true`)
 - `redis_enabled`: Enable Redis installation (default: `true`)
 
@@ -38,5 +38,5 @@ Or with variables:
     - role: synapse
       vars:
         synapse_version: "0.3.2"
-        gen0sec_api_token: "your_key"
+        gen0sec_api_key: "your_key"
 ```

ansible/roles/synapse/defaults/main.yml

@@ -2,7 +2,7 @@
 # Default variables for synapse role
 synapse_version: "0.3.2"
 synapse_branch: "main"
-gen0sec_api_token: ""  # Gen0Sec API token (used for synapse config)
+gen0sec_api_key: ""  # Gen0Sec API key (used for synapse config)
 clamav_enabled: true  # Set to false to disable ClamAV installation
 redis_enabled: true   # Set to false to disable Redis installation
 
@@ -30,7 +30,7 @@ redis_enabled: true   # Set to false to disable Redis installation
 # synapse_config_redis_ssl_insecure: false
 
 # Arxignis/Gen0Sec configuration
-# synapse_config_arxignis_api_key: ""  # Will be set from gen0sec_api_token if not specified
+# synapse_config_arxignis_api_key: ""  # Will be set from gen0sec_api_key if not specified
 # synapse_config_arxignis_base_url: "https://api.gen0sec.com/v1"
 # synapse_config_arxignis_log_sending_enabled: true
 # synapse_config_arxignis_include_response_body: true

ansible/roles/synapse/tasks/main.yml

@@ -42,6 +42,7 @@
       - clamav
       - clamav-daemon
     state: present
+  register: clamav_debian_install
   when:
     - clamav_enabled | bool
     - ansible_facts["os_family"] == 'Debian'
@@ -63,6 +64,7 @@
       - clamav-freshclam
       - clamd
     state: present
+  register: clamav_redhat_install
   when:
     - clamav_enabled | bool
     - ansible_facts["os_family"] == 'RedHat'
@@ -89,7 +91,9 @@
   register: freshclam_result
   changed_when: true
   failed_when: false
-  when: clamav_enabled | bool
+  when:
+    - clamav_enabled | bool
+    - (clamav_debian_install.changed | default(false)) or (clamav_redhat_install.changed | default(false))
 
 - name: Set ClamAV config directory
   ansible.builtin.set_fact:
@@ -369,14 +373,14 @@
 
 - name: Detect primary network interface if not explicitly set
   ansible.builtin.set_fact:
-    synapse_config_network_iface: "{{ ansible_default_ipv4.interface | default('eth0') }}"
+    synapse_config_network_iface: "{{ ansible_facts['default_ipv4']['interface'] | default('eth0') }}"
   when: synapse_config_network_iface is not defined
 
-- name: Set arxignis API key from gen0sec_api_token if not explicitly set
+- name: Set arxignis API key from gen0sec_api_key if not explicitly set
   ansible.builtin.set_fact:
-    synapse_config_arxignis_api_key: "{{ gen0sec_api_token }}"
+    synapse_config_arxignis_api_key: "{{ gen0sec_api_key }}"
   when:
-    - gen0sec_api_token != ""
+    - gen0sec_api_key != ""
     - synapse_config_arxignis_api_key is not defined
 
 - name: Generate config.yaml from template

ansible/roles/synapse/templates/config.yaml.j2

@@ -40,8 +40,8 @@ redis:
 # Network Configuration
 network:
   # The network interface to attach the XDP program to
-  # Automatically detects primary interface from ansible_default_ipv4.interface if not specified
-  iface: {{ synapse_config_network_iface | default(ansible_default_ipv4.interface | default('eth0')) | quote }}
+  # Automatically detects primary interface from ansible_facts['default_ipv4']['interface'] if not specified
+  iface: {{ synapse_config_network_iface | default(ansible_facts['default_ipv4']['interface'] | default('eth0')) | quote }}
   # Additional network interfaces for XDP attach (overrides iface if set)
   ifaces: {{ synapse_config_network_ifaces | default([]) | to_json }}
   # Disable XDP packet filtering (run without BPF/XDP)
@@ -125,13 +125,13 @@ tcp_fingerprint:
 
 # Daemon Configuration
 daemon:
-  enabled: {{ synapse_config_daemon_enabled | default(false) | lower }}
+  enabled: {{ synapse_config_daemon_enabled | default(true) | lower }}
   pid_file: {{ synapse_config_daemon_pid_file | default('/var/run/synapse.pid') | quote }}
-  working_directory: {{ synapse_config_daemon_working_directory | default('/') | quote }}
+  working_directory: {{ synapse_config_daemon_working_directory | default('/var/lib/synapse') | quote }}
   stdout: {{ synapse_config_daemon_stdout | default('/var/log/synapse/access.log') | quote }}
   stderr: {{ synapse_config_daemon_stderr | default('/var/log/synapse/error.log') | quote }}
-  user: {{ synapse_config_daemon_user | default(None) | to_json }}
-  group: {{ synapse_config_daemon_group | default(None) | to_json }}
+  user: {{ synapse_config_daemon_user | default('root') | to_json }}
+  group: {{ synapse_config_daemon_group | default('root') | to_json }}
   chown_pid_file: {{ synapse_config_daemon_chown_pid_file | default(true) | lower }}
 
 {% if synapse_mode != 'agent' %}

config/config.yaml

@@ -234,13 +234,13 @@ tcp_fingerprint:
 # Daemon Configuration
 daemon:
   # Enable daemon mode (run as background process)
-  enabled: false
+  enabled: true
 
   # PID file path
   pid_file: "/var/run/synapse.pid"
 
   # Working directory for daemon
-  working_directory: "/"
+  working_directory: "/var/lib/synapse"
 
   # Stdout log file (application logs: info, debug, warn, error)
   stdout: "/var/log/synapse/access.log"
@@ -249,10 +249,10 @@ daemon:
   stderr: "/var/log/synapse/error.log"
 
   # User to run daemon as (optional, e.g., "nobody")
-  user: null
+  user: root
 
   # Group to run daemon as (optional, e.g., "daemon")
-  group: null
+  group: root
 
   # Change ownership of PID file to daemon user/group
   chown_pid_file: true

src/main.rs

@@ -614,9 +614,9 @@ async fn async_main(args: Args, config: Config) -> Result<()> {
             } else {
                 log::info!("Threat intelligence client initialized");
 
-                // Register Threat MMDB refresh worker if configured
+                // Register Threat MMDB refresh worker if configured (skip in agent mode)
                 let refresh_interval = config.arxignis.threat.refresh_secs.unwrap_or(300);
-                if !config.arxignis.threat.url.is_empty() && refresh_interval > 0 {
+                if config.mode != "agent" && !config.arxignis.threat.url.is_empty() && refresh_interval > 0 {
                     let worker_config = worker::WorkerConfig {
                         name: "threat_mmdb".to_string(),
                         interval_secs: refresh_interval,