From 881497449f117f1e36115373ab8a8bcfa370e63a Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 30 Oct 2018 09:57:53 +0100
Subject: [PATCH] Clean up fail2ban database

---
 modules/fail2ban/manifests/init.pp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/fail2ban/manifests/init.pp b/modules/fail2ban/manifests/init.pp
index 3051b9975..f97bc4892 100644
--- a/modules/fail2ban/manifests/init.pp
+++ b/modules/fail2ban/manifests/init.pp
@@ -14,4 +14,12 @@ class fail2ban {
 				| EOF
 	}
 
+	# XXX Maybe this will be automatically done in buster, it is certainly needed in stretch. So maybe:  versioncmp($::lsbmajdistrelease, '9') <= 0
+	concat::fragment { 'dsa-puppet-stuff--fail2ban-cleanup':
+		target => '/etc/cron.d/dsa-puppet-stuff',
+		content  => @(EOF)
+			17 * * * * root python3 -c "import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.INFO); from fail2ban.server.database import Fail2BanDb; db = Fail2BanDb('/var/lib/fail2ban/fail2ban.sqlite3'); db.purge(); db._db.cursor().execute('VACUUM')"
+			| EOF
+	}
+
 }
-- 
2.20.1