mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
enable-gitlab-spamcheck
infrastructure/roles/fail2ban/tasks/main.yml
Leonidas Spyropoulos 3ac1bac037
ansible-lint: Forbidden implicit octal value 'xxxx' 
Convert the permissions to strings to avoid octal interpretation.

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
2023-02-18 20:15:54 +02:00

97 lines
2.0 KiB
YAML
Raw Permalink Blame History

- name: Install fail2ban
package:
name: "fail2ban"
state: "present"
notify:
- Restart fail2ban
- name: Create systemd unit override path
file:
path: "/etc/systemd/system/fail2ban.service.d"
state: "directory"
owner: "root"
group: "root"
mode: '0755'
- name: Install systemd unit override file
template:
src: "fail2ban.service.j2"
dest: "/etc/systemd/system/fail2ban.service.d/override.conf"
owner: "root"
group: "root"
mode: '0644'
- name: Install local config files
template:
src: "{{ item }}.j2"
dest: "/etc/fail2ban/{{ item }}"
owner: "root"
group: "root"
mode: '0644'
with_items:
- "fail2ban.local"
- "jail.local"
notify:
- Restart fail2ban
- name: Install firewallcmd-allports.local
template:
src: "firewallcmd-allports.local.j2"
dest: "/etc/fail2ban/action.d/firewallcmd-allports.local"
owner: "root"
group: "root"
mode: '0644'
notify:
- Restart fail2ban
- name: Install sshd jail
when: fail2ban_jails.sshd
template:
src: "sshd.jail.j2"
dest: "/etc/fail2ban/jail.d/sshd.local"
owner: "root"
group: "root"
mode: '0644'
notify:
- Reload fail2ban jails
- name: Install postfix jail
when: fail2ban_jails.postfix
template:
src: "postfix.jail.j2"
dest: "/etc/fail2ban/jail.d/postfix.local"
owner: "root"
group: "root"
mode: '0644'
notify:
- Reload fail2ban jails
- name: Install dovecot jail
when: fail2ban_jails.dovecot
template:
src: "dovecot.jail.j2"
dest: "/etc/fail2ban/jail.d/dovecot.local"
owner: "root"
group: "root"
mode: '0644'
notify:
- Reload fail2ban jails
- name: Install nginx-limit-req jail
when: fail2ban_jails.nginx_limit_req
template:
src: "nginx-limit-req.jail.j2"
dest: "/etc/fail2ban/jail.d/nginx-limit-req.local"
owner: "root"
group: "root"
mode: '0644'
notify:
- Reload fail2ban jails
- name: Start and enable service
systemd:
name: "fail2ban.service"
enabled: true
state: started
daemon-reload: true
View Git Blame Copy Permalink