107 lines
2.6 KiB
YAML
107 lines
2.6 KiB
YAML
---
|
|
- name: Install fail2ban and dependencies
|
|
ansible.builtin.package:
|
|
name: "{{ item }}"
|
|
state: latest
|
|
with_items: "{{ fail2ban_dependencies }}"
|
|
|
|
- name: Configure fail2ban.local
|
|
community.general.ini_file:
|
|
path: /etc/fail2ban/fail2ban.local
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop: "{{ fail2ban_base_configuration + fail2ban_configuration }}"
|
|
loop_control:
|
|
label: "{{ item.option }}"
|
|
notify: Restart fail2ban
|
|
|
|
- name: Configure jail.local
|
|
community.general.ini_file:
|
|
path: /etc/fail2ban/jail.local
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop: "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
|
|
loop_control:
|
|
label: "{{ item.option }}"
|
|
notify: Restart fail2ban
|
|
|
|
- name: Configure Debian default jail config
|
|
community.general.ini_file:
|
|
path: /etc/fail2ban/jail.d/defaults-debian.conf
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop: "{{ fail2ban_default_debian_jail_configuration }}"
|
|
loop_control:
|
|
label: "{{ item.option }}"
|
|
notify: Restart fail2ban
|
|
when: ansible_facts['distribution'] == 'Debian'
|
|
|
|
- name: Copy filter configs
|
|
community.general.ini_file:
|
|
src: "{{ item }}"
|
|
dest: /etc/fail2ban/filter.d/
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_fileglob:
|
|
- "{{ fail2ban_filters_path }}/*"
|
|
when: fail2ban_filters_path is defined
|
|
notify: Restart fail2ban
|
|
|
|
- name: Copy action configs
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/fail2ban/action.d/
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_fileglob:
|
|
- "{{ fail2ban_actions_path }}/*"
|
|
when: fail2ban_actions_path is defined
|
|
notify: Restart fail2ban
|
|
|
|
- name: Copy jail configs
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/fail2ban/jail.d/
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_fileglob:
|
|
- "{{ fail2ban_jails_path }}/*"
|
|
when: fail2ban_jails_path is defined
|
|
notify: Restart fail2ban
|
|
|
|
- name: Create jail configs
|
|
ansible.builtin.template:
|
|
src: jail.local.j2
|
|
dest: /etc/fail2ban/jail.d/{{ jail.name }}.local
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop: "{{ fail2ban_jails }}"
|
|
loop_control:
|
|
label: "{{ jail.name }}"
|
|
loop_var: jail
|
|
when: fail2ban_jails
|
|
notify: Restart fail2ban
|
|
|
|
|
|
- name: Start and enable service
|
|
systemd:
|
|
name: fail2ban
|
|
state: started
|
|
enabled: true
|