GitHub linguist .yml, fail2ban config fixes

.gitattributes

@@ -1,2 +1,3 @@
 .pass.sh filter=git-crypt diff=git-crypt
 ansible/vars/vault.yml filter=git-crypt diff=git-crypt
+*.yml linguist-detectable

ansible/roles/common/files/fail2ban/jails/nginx.local

@@ -1,9 +1,11 @@
 [nginx-limit-req]
 enabled = true
 port = http,https
+logpath = %(nginx_error_log)s
 findtime = 600
 bantime = 1w
 maxretry = 8
+ignoreip  = 127.0.0.1/32 192.168.1.0/24
 
 [nginx-http-auth]
 enabled = true
@@ -11,10 +13,12 @@ port = http,https
 logpath = %(nginx_error_log)s
 bantime = 2w
 maxretry = 5
+ignoreip  = 127.0.0.1/32 192.168.1.0/24
 
 [nginx-botsearch]
 enabled = true
 port = http,https
-logpath = %(nginx_error_log)s
+logpath = %(nginx_access_log)s
 bantime = 1w
 maxretry = 5
+ignoreip  = 127.0.0.1/32 192.168.1.0/24

ansible/roles/common/files/fail2ban/jails/sshd.local

@@ -6,5 +6,5 @@ backend   = systemd
 maxretry  = 5
 findtime  = 1d
 bantime   = 2w
-ignoreip  = 127.0.0.1/8 192.168.1.0/24
+ignoreip  = 127.0.0.1/32 192.168.1.0/24
 logpath   = %(sshd_log)s

ansible/roles/http/templates/nginx/sites/ci.bdebyl.net.https.conf.j2

@@ -8,6 +8,9 @@ server {
   server_name {{ ci_server_name }};
 
   add_header              Strict-Transport-Security max-age=6307200;
+  add_header              Allow "GET, POST, HEAD" always;
+
+  limit_except GET POST { deny all; }
 
   ssl_certificate         /etc/letsencrypt/live/{{ ci_server_name }}/fullchain.pem;
   ssl_certificate_key     /etc/letsencrypt/live/{{ ci_server_name }}/privkey.pem;