mirror of
https://gitlab.sectorq.eu/jaydee/ansible.git
synced 2025-07-01 15:38:33 +02:00
52 lines
1.2 KiB
YAML
Executable File
52 lines
1.2 KiB
YAML
Executable File
- name: Setup Fail2ban
|
|
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
|
|
block:
|
|
- name: Install fail2ban packages
|
|
ansible.builtin.apt:
|
|
name:
|
|
- fail2ban
|
|
- sendmail
|
|
# add line to /etc/hosts
|
|
# 127.0.0.1 m-server localhost....
|
|
- name: Copy files
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/fail2ban/jail.d/
|
|
mode: '0700'
|
|
owner: root
|
|
group: root
|
|
with_fileglob:
|
|
- "jail.d/*.conf"
|
|
|
|
- name: Copy files
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/fail2ban/filter.d/
|
|
mode: '0700'
|
|
owner: root
|
|
group: root
|
|
with_fileglob:
|
|
- "filter.d/*.conf"
|
|
|
|
- name: Copy files
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/fail2ban/action.d/
|
|
mode: '0700'
|
|
owner: root
|
|
group: root
|
|
with_fileglob:
|
|
- "action.d/*.conf"
|
|
|
|
- name: Disable sendmail service
|
|
ansible.builtin.service:
|
|
name: sendmail.service
|
|
state: stopped
|
|
enabled: false
|
|
|
|
- name: Restart fail2ban service
|
|
ansible.builtin.service:
|
|
name: fail2ban.service
|
|
state: restarted
|
|
enabled: true
|