ansible-edda/playbooks/roles/system/base/tasks/include/fail2ban.yml

39 lines
1005 B
YAML
Raw Normal View History

2022-12-18 23:43:40 +01:00
---
- name: "fail2ban : install fail2ban"
ansible.builtin.apt:
name: "fail2ban"
- name: "fail2ban : configure fail2ban"
ansible.builtin.template:
src: "./fail2ban/jail.local.j2"
dest: "/etc/fail2ban/jail.local"
mode: 0644
2022-12-08 23:19:54 +01:00
register: system_base_fail2ban_conf
- name: "fail2ban : configure fail2ban sshd jail"
ansible.builtin.template:
src: "./fail2ban/jail.d/sshd.local.j2"
dest: "/etc/fail2ban/jail.d/sshd.local"
mode: 0644
2022-12-08 23:19:54 +01:00
register: system_base_fail2ban_sshd_jail
- name: "fail2ban : enable fail2ban"
ansible.builtin.systemd:
name: "fail2ban"
enabled: true
- name: "fail2ban : start fail2ban"
ansible.builtin.systemd:
name: "fail2ban"
state: "started"
2022-12-08 23:19:54 +01:00
register: system_base_fail2ban_start
- name: "fail2ban : restart fail2ban"
ansible.builtin.systemd:
name: "fail2ban"
state: "restarted"
when:
2022-12-08 23:19:54 +01:00
(system_base_fail2ban_conf.changed or
system_base_fail2ban_sshd_jail.changed) and
not system_base_fail2ban_start.changed