roles/common: rework fail2ban again

Actually, we do want to run fail2ban on all hosts because the sshd monitoring via systemd is nice. At the very least it reduces spam from failed logins in our systemd journal.
2023-08-23 22:14:16 +03:00
parent 067adcd9f5
commit 7a9a24ef5d
4 changed files with 1 additions and 8 deletions
--- a/roles/common/tasks/firewall_Debian.yml
+++ b/roles/common/tasks/firewall_Debian.yml
@ -107,12 +107,9 @@
        state: started
        enabled: true

-    # We only install fail2ban on systems running nginx. If the host is running
-    # Caddy then there are no logs for us to monitor.
    - ansible.builtin.include_tasks: fail2ban.yml
      when:
        - ansible_distribution_major_version is version('9', '>=')
-        - webserver is defined and webserver == 'nginx'
  tags: firewall

 # vim: set sw=2 ts=2: