mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-05 14:06:04 +02:00
4112bdf9fd
yaml: truthy value should be one of [false, true] (truthy) yaml: wrong indentation: expected 4 but found 2 (indentation) yaml: too few spaces before comment (comments) yaml: missing starting space in comment (comments) yaml: too many blank lines (1 > 0) (empty-lines) yaml: too many spaces after colon (colons) yaml: comment not indented like content (comments-indentation) yaml: no new line character at the end of file (new-line-at-end-of-file) load-failure: Failed to load or parse file parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
86 lines
1.8 KiB
YAML
86 lines
1.8 KiB
YAML
- name: install fail2ban
|
|
package:
|
|
name: "fail2ban"
|
|
state: "present"
|
|
notify:
|
|
- restart fail2ban
|
|
|
|
- name: create systemd unit override path
|
|
file:
|
|
path: "/etc/systemd/system/fail2ban.service.d"
|
|
state: "directory"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: 0755
|
|
|
|
- name: install systemd unit override file
|
|
template:
|
|
src: "fail2ban.service.j2"
|
|
dest: "/etc/systemd/system/fail2ban.service.d/override.conf"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: 0644
|
|
|
|
- name: install local config files
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/etc/fail2ban/{{ item }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: 0644
|
|
with_items:
|
|
- "fail2ban.local"
|
|
- "jail.local"
|
|
notify:
|
|
- restart fail2ban
|
|
|
|
- name: install firewallcmd-allports.local
|
|
template:
|
|
src: "firewallcmd-allports.local.j2"
|
|
dest: "/etc/fail2ban/action.d/firewallcmd-allports.local"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: 0644
|
|
notify:
|
|
- restart fail2ban
|
|
|
|
- name: install sshd jail
|
|
when: fail2ban_jails.sshd
|
|
template:
|
|
src: "sshd.jail.j2"
|
|
dest: "/etc/fail2ban/jail.d/sshd.local"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: 0644
|
|
notify:
|
|
- reload fail2ban jails
|
|
|
|
- name: install postfix jail
|
|
when: fail2ban_jails.postfix
|
|
template:
|
|
src: "postfix.jail.j2"
|
|
dest: "/etc/fail2ban/jail.d/postfix.local"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: 0644
|
|
notify:
|
|
- reload fail2ban jails
|
|
|
|
- name: install dovecot jail
|
|
when: fail2ban_jails.dovecot
|
|
template:
|
|
src: "dovecot.jail.j2"
|
|
dest: "/etc/fail2ban/jail.d/dovecot.local"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: 0644
|
|
notify:
|
|
- reload fail2ban jails
|
|
|
|
- name: start and enable service
|
|
systemd:
|
|
name: "fail2ban.service"
|
|
enabled: true
|
|
state: started
|
|
daemon-reload: true
|