Use block in fail2ban role
parent
ffe73e5568
commit
7283ac291f
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
fail2ban_become: true
|
||||
fail2ban_become_user: root
|
|
@ -1,24 +1,29 @@
|
|||
---
|
||||
- name: install fail2ban
|
||||
apt:
|
||||
name: fail2ban
|
||||
state: present
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
become: true
|
||||
- block:
|
||||
|
||||
- name: set customization.local config file
|
||||
template:
|
||||
src: templates/customization.local.j2
|
||||
dest: /etc/fail2ban/jail.d/customization.local
|
||||
mode: 0640
|
||||
become: true
|
||||
notify: restart fail2ban
|
||||
- name: install fail2ban
|
||||
apt:
|
||||
name: fail2ban
|
||||
state: present
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
become: true
|
||||
|
||||
- name: set custom sshd filter config file
|
||||
template:
|
||||
src: templates/sshd-custom-filter.conf.j2
|
||||
dest: /etc/fail2ban/filter.d/sshd-custom.conf
|
||||
mode: 0640
|
||||
become: true
|
||||
notify: restart fail2ban
|
||||
- name: set customization.local config file
|
||||
template:
|
||||
src: templates/customization.local.j2
|
||||
dest: /etc/fail2ban/jail.d/customization.local
|
||||
mode: 0640
|
||||
become: true
|
||||
notify: restart fail2ban
|
||||
|
||||
- name: set custom sshd filter config file
|
||||
template:
|
||||
src: templates/sshd-custom-filter.conf.j2
|
||||
dest: /etc/fail2ban/filter.d/sshd-custom.conf
|
||||
mode: 0640
|
||||
become: true
|
||||
notify: restart fail2ban
|
||||
|
||||
become: "{{ fail2ban_become }}"
|
||||
become_user: "{{ fail2ban_become_user }}"
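Review bot: Each task inside the new block still carries its own `become: true` (install fail2ban and both template tasks; every printed copy of these tasks has it, so the new side does too). In Ansible a task-level keyword takes precedence over the value inherited from the enclosing block, so the block-level `become: "{{ fail2ban_become }}"` cannot switch escalation off. Setting `fail2ban_become: false` would leave the tasks running with become, while `become_user` is still inherited from the block. Drop the three per-task `become: true` lines so the block setting is the single source. Separately, `mode: 0640` on both template tasks is safer written as `mode: "0640"`, so the permission on the files under /etc/fail2ban does not depend on how the YAML loader reads a leading-zero integer.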
|
||||
|
|
|
@ -17,15 +17,12 @@
|
|||
# - ../roles/apt_dist_upgrade
|
||||
- ../roles/common
|
||||
- ../roles/hostname
|
||||
# The easy ports sequece is just for test. Also don't disable strict IP
|
||||
# filtering on production.
|
||||
# - {role: ../roles/knockd, ports: [3333, 4444, 5555], network_interface: eth1, filter_ip: ""}
|
||||
- ../roles/nftables
|
||||
- ../roles/sshd
|
||||
- {role: ../roles/fail2ban}
|
||||
- {role: ../roles/snake_oil_dehydrated, become: true}
|
||||
- {role: ../roles/mailserver}
|
||||
- {role: ../roles/weechat}
|
||||
- ../roles/fail2ban
|
||||
# - {role: ../roles/snake_oil_dehydrated, become: true}
|
||||
# - {role: ../roles/mailserver}
|
||||
# - {role: ../roles/weechat}
|
||||
# Uncomment to test wikijs role: it's commented since the tarball that we
|
||||
# have to download is more than 60MB.
|
||||
# - {role: ../roles/wikijs, become: true, wikijs_db_type: sqlite}
|
||||
|
@ -41,4 +38,7 @@
|
|||
# - {role: ../roles/generate_certificate, become: true}
|
||||
# - {role: ../roles/gitea, become: true}
|
||||
# - ../roles/docker
|
||||
- ../roles/dokku
|
||||
# - ../roles/dokku
|
||||
# The easy ports sequece is just for test. Also don't disable strict IP
|
||||
# filtering on production.
|
||||
# - {role: ../roles/knockd, ports: [3333, 4444, 5555], network_interface: eth1, filter_ip: ""}
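Review bot: Going by the hunk line counts, this file's two hunks comment out `snake_oil_dehydrated`, `mailserver`, `weechat` and `dokku`, which is unrelated to a commit titled "Use block in fail2ban role". These look like local test toggles that were committed along with the role change, though the file name is not visible here. If that is the case, restore the four role entries or move the toggling into its own commit so the fail2ban change can be reviewed and reverted on its own. The relocated knockd comment also keeps the typo "sequece"; since the line is being re-added anyway it could read `# The easy ports sequence is just for test. Also don't disable strict IP`.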
|
||||
|
|