2019-10-26 16:36:07 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
- name: Configure fail2ban sshd filter
|
2022-09-10 17:09:12 +02:00
|
|
|
ansible.builtin.template: src=etc/fail2ban/jail.d/sshd.local.j2 dest=/etc/fail2ban/jail.d/sshd.local owner=root mode=0644
|
2019-10-26 16:36:07 +02:00
|
|
|
notify: restart fail2ban
|
|
|
|
|
2021-08-01 08:56:43 +02:00
|
|
|
- name: Configure fail2ban nginx filter
|
|
|
|
when: "extra_fail2ban_filters is defined and 'nginx' in extra_fail2ban_filters"
|
2022-09-10 17:09:12 +02:00
|
|
|
ansible.builtin.template: src=etc/fail2ban/jail.d/nginx.local.j2 dest=/etc/fail2ban/jail.d/nginx.local owner=root mode=0644
|
2021-08-01 08:56:43 +02:00
|
|
|
notify: restart fail2ban
|
|
|
|
|
2019-10-26 16:36:07 +02:00
|
|
|
- name: Create fail2ban service override directory
|
2022-09-10 17:09:12 +02:00
|
|
|
ansible.builtin.file: path=/etc/systemd/system/fail2ban.service.d state=directory owner=root mode=0755
|
2019-10-26 16:36:07 +02:00
|
|
|
|
|
|
|
# See Arch Linux's example: https://wiki.archlinux.org/index.php/Fail2ban
|
|
|
|
- name: Configure fail2ban service override
|
2022-09-10 17:09:12 +02:00
|
|
|
ansible.builtin.template: src=etc/systemd/system/fail2ban.service.d/override.conf.j2 dest=/etc/systemd/system/fail2ban.service.d/override.conf owner=root mode=0644
|
2019-10-26 16:36:07 +02:00
|
|
|
notify:
|
|
|
|
- reload systemd
|
|
|
|
- restart fail2ban
|
|
|
|
|
2019-10-26 17:14:28 +02:00
|
|
|
- name: Start and enable fail2ban service
|
2022-09-10 17:09:12 +02:00
|
|
|
ansible.builtin.systemd: name=fail2ban state=started enabled=yes
|
2019-10-26 16:36:07 +02:00
|
|
|
|
|
|
|
# vim: set sw=2 ts=2:
|