alias

2025-07-01 23:48:32 +02:00 · 2025-04-16 09:31:09 +02:00
parent d4ee9dc3eb
commit 24191afe3d
17 changed files with 593 additions and 559 deletions
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@ -1,41 +1,51 @@
- block:
-  - name: Install fail2ban packages
-    ansible.builtin.apt:
-      name: 
-        - fail2ban
-        - sendmail
-#add line  to /etc/hosts  
-#127.0.0.1 m-server localhost....
-  - name: Copy files
-    copy:
-      src: "{{ item }}"
-      dest: /etc/fail2ban/jail.d/
-    with_fileglob:
-      - "jail.d/*.conf"
+- name: Setup Fail2ban
+  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
+  block:
+    - name: Install fail2ban packages
+      ansible.builtin.apt:
+        name:
+          - fail2ban
+          - sendmail
+  # add line  to /etc/hosts
+  # 127.0.0.1 m-server localhost....
+    - name: Copy files
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: /etc/fail2ban/jail.d/
+        mode: '0700'
+        owner: root
+        group: root
+      with_fileglob:
+        - "jail.d/*.conf"

-  - name: Copy files
-    copy:
-      src: "{{ item }}"
-      dest: /etc/fail2ban/filter.d/
-    with_fileglob:
-      - "filter.d/*.conf"
+    - name: Copy files
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: /etc/fail2ban/filter.d/
+        mode: '0700'
+        owner: root
+        group: root
+      with_fileglob:
+        - "filter.d/*.conf"

-  - name: Copy files
-    copy:
-      src: "{{ item }}"
-      dest: /etc/fail2ban/action.d/
-    with_fileglob:
-      - "action.d/*.conf"
+    - name: Copy files
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: /etc/fail2ban/action.d/
+        mode: '0700'
+        owner: root
+        group: root
+      with_fileglob:
+        - "action.d/*.conf"

-  - name: disable sendmail service
-    ansible.builtin.service:
-      name: sendmail.service
-      state: stopped
-      enabled: false
+    - name: Disable sendmail service
+      ansible.builtin.service:
+        name: sendmail.service
+        state: stopped
+        enabled: false

-  - name: Restart fail2ban service
-    ansible.builtin.service:
-      name: fail2ban.service
-      state: restarted
-      enabled: true
-  become: true
+    - name: Restart fail2ban service
+      ansible.builtin.service:
+        name: fail2ban.service
+        state: restarted
+        enabled: true