ansible-edda/playbooks/tasks/hosts/fail2ban.yml

38 lines
787 B
YAML

- name: Install fail2ban
apt:
name: fail2ban
- name: Configure fail2ban
template:
src: ./filesystem/common/etc/fail2ban/jail.local.j2
dest: /etc/fail2ban/jail.local
mode: 0644
register: fail2ban_conf
- name: Configure fail2ban sshd jail
template:
src: ./filesystem/common/etc/fail2ban/jail.d/sshd.local.j2
dest: /etc/fail2ban/jail.d/sshd.local
mode: 0644
register: fail2ban_sshd_jail
- name: Enable fail2ban
systemd:
name: fail2ban
enabled: yes
- name: Start fail2ban
systemd:
name: fail2ban
state: started
register: fail2ban_start
- name: Restart fail2ban
systemd:
name: fail2ban
state: restarted
when:
(fail2ban_conf is changed or
fail2ban_sshd_jail is changed) and
fail2ban_start is not changed