---
# Install fail2ban and its supporting packages through apt, refreshing the
# package cache in the same task (update_cache). Runs with privilege
# escalation.
# NOTE(review): python3-systemd is presumably needed for a systemd journal
# backend and nftables for the ban action; confirm against jail.local.j2.
- name: install fail2ban + deps
  become: true
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - fail2ban
      - python3
      - python3-systemd
      - nftables
# Enable the nftables unit at boot and make sure it is running now.
# NOTE(review): starting this unit presumably loads the host's nftables
# configuration file; if that file flushes the ruleset, rules installed by
# other tooling would be replaced. Confirm on the target distribution before
# rolling out to hosts that already filter traffic.
- name: enable & start nftables
  become: true
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: nftables
# Create the fail2ban configuration tree (one directory per loop item), owned
# by root:root with mode 0755, so only root can add or change files in it
# while other local users can still list and traverse it.
- name: ensure fail2ban directories exist
  become: true
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    mode: "0755"
    owner: root
    group: root
  loop:
    - /etc/fail2ban
    - /etc/fail2ban/jail.d
    - /etc/fail2ban/filter.d
# Render fail2ban.local.j2 to /etc/fail2ban/fail2ban.local as root:root, mode
# 0644 (writable by root only, readable by every local user). A change
# notifies the "validate and restart fail2ban" handler.
# NOTE(review): that handler is defined outside this file; presumably it
# tests the configuration before restarting. Confirm that a failed test
# leaves the running service untouched.
- name: deploy /etc/fail2ban/fail2ban.local
  become: true
  ansible.builtin.template:
    dest: /etc/fail2ban/fail2ban.local
    src: fail2ban.local.j2
    mode: "0644"
    owner: root
    group: root
  notify: validate and restart fail2ban
# Render jail.local.j2 to /etc/fail2ban/jail.local as root:root, mode 0644,
# and notify the "validate and restart fail2ban" handler when the file
# changes.
# NOTE(review): 0644 makes the rendered jail definitions readable by all
# local users. If the template ever carries credentials for a ban action or
# notification (API token, SMTP password), tighten the mode. TODO confirm
# against jail.local.j2.
- name: deploy /etc/fail2ban/jail.local
  become: true
  ansible.builtin.template:
    dest: /etc/fail2ban/jail.local
    src: jail.local.j2
    mode: "0644"
    owner: root
    group: root
  notify: validate and restart fail2ban
# Enable fail2ban at boot and start it if it is not already running.
# `state: started` does not restart a running service; configuration changes
# are picked up through the handler notified by the template tasks.
# NOTE(review): handlers normally run after the task list, so on a first
# install this start presumably happens before the notified validation
# handler has run. Confirm that is acceptable, or flush handlers first.
- name: ensure fail2ban enabled and started
  become: true
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: fail2ban