ansible-edda/playbooks/tasks/hosts/fail2ban.yml

- name: Install fail2ban
  apt:
    name: fail2ban

- name: Configure fail2ban
  template:
    src: ./filesystem/common/etc/fail2ban/jail.local.j2
    dest: /etc/fail2ban/jail.local
    mode: 0644
  register: fail2ban_conf

- name: Configure fail2ban sshd jail
  template:
    src: ./filesystem/common/etc/fail2ban/jail.d/sshd.local.j2
    dest: /etc/fail2ban/jail.d/sshd.local
    mode: 0644
  register: fail2ban_sshd_jail

- name: Enable/start fail2ban
  systemd:
    name: fail2ban
    state: started
    enabled: yes

- name: Restart fail2ban
  systemd:
    name: fail2ban
    state: restarted
  when:
    fail2ban_conf is changed or
    fail2ban_sshd_jail is changed
Split machine playbook 2022-09-11 20:55:30 +02:00			`- name: Install fail2ban`
			`apt:`
			`name: fail2ban`

			`- name: Configure fail2ban`
			`template:`
Basic deployment on valkyrie 2022-09-21 23:57:15 +02:00			`src: ./filesystem/common/etc/fail2ban/jail.local.j2`
Split machine playbook 2022-09-11 20:55:30 +02:00			`dest: /etc/fail2ban/jail.local`
			`mode: 0644`
			`register: fail2ban_conf`

			`- name: Configure fail2ban sshd jail`
			`template:`
Basic deployment on valkyrie 2022-09-21 23:57:15 +02:00			`src: ./filesystem/common/etc/fail2ban/jail.d/sshd.local.j2`
Split machine playbook 2022-09-11 20:55:30 +02:00			`dest: /etc/fail2ban/jail.d/sshd.local`
			`mode: 0644`
			`register: fail2ban_sshd_jail`

			`- name: Enable/start fail2ban`
			`systemd:`
			`name: fail2ban`
			`state: started`
			`enabled: yes`

			`- name: Restart fail2ban`
			`systemd:`
			`name: fail2ban`
			`state: restarted`
			`when:`
			`fail2ban_conf is changed or`
			`fail2ban_sshd_jail is changed`