Initial role commit

2025-12-02 22:35:27 -05:00
parent 4566427755
commit 2268044797
9 changed files with 668 additions and 2 deletions
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -0,0 +1,106 @@
+---
+- name: Install fail2ban and dependencies
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: latest
+  with_items: "{{ fail2ban_dependencies }}"
+
+- name: Configure fail2ban.local
+  community.general.ini_file:
+    path: /etc/fail2ban/fail2ban.local
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ fail2ban_base_configuration + fail2ban_configuration }}"
+  loop_control:
+    label: "{{ item.option }}"
+  notify: Restart fail2ban
+
+- name: Configure jail.local
+  community.general.ini_file:
+    path: /etc/fail2ban/jail.local
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
+  loop_control:
+    label: "{{ item.option }}"
+  notify: Restart fail2ban
+
+- name: Configure Debian default jail config
+  community.general.ini_file:
+    path: /etc/fail2ban/jail.d/defaults-debian.conf
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ fail2ban_default_debian_jail_configuration }}"
+  loop_control:
+    label: "{{ item.option }}"
+  notify: Restart fail2ban
+  when: ansible_facts['distribution'] == 'Debian'
+
+- name: Copy filter configs
+  community.general.ini_file:
+    src: "{{ item }}"
+    dest: /etc/fail2ban/filter.d/
+    owner: root
+    group: root
+    mode: 0644
+  with_fileglob:
+  - "{{ fail2ban_filters_path }}/*"
+  when: fail2ban_filters_path is defined
+  notify: Restart fail2ban
+
+- name: Copy action configs
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: /etc/fail2ban/action.d/
+    owner: root
+    group: root
+    mode: 0644
+  with_fileglob:
+    - "{{ fail2ban_actions_path }}/*"
+  when: fail2ban_actions_path is defined
+  notify: Restart fail2ban
+
+- name: Copy jail configs
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: /etc/fail2ban/jail.d/
+    owner: root
+    group: root
+    mode: 0644
+  with_fileglob:
+    - "{{ fail2ban_jails_path }}/*"
+  when: fail2ban_jails_path is defined
+  notify: Restart fail2ban
+
+- name: Create jail configs
+  ansible.builtin.template:
+    src: jail.local.j2
+    dest: /etc/fail2ban/jail.d/{{ jail.name }}.local
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ fail2ban_jails }}"
+  loop_control:
+    label: "{{ jail.name }}"
+    loop_var: jail
+  when: fail2ban_jails
+  notify: Restart fail2ban
+
+
+- name: Start and enable service
+  systemd:
+    name: fail2ban
+    state: started
+    enabled: true