roles/common: rework fail2ban again

Actually, we do want to run fail2ban on all hosts because the sshd
monitoring via systemd is nice. At the very least it reduces spam
from failed logins in our systemd journal.
Alan Orth 2023-08-23 22:14:16 +03:00
parent 067adcd9f5
commit 7a9a24ef5d
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
4 changed files with 1 additions and 8 deletions


@ -25,4 +25,3 @@
ansible.builtin.systemd:
name: fail2ban
state: restarted
when: webserver is defined and webserver == 'nginx'


@ -2,7 +2,6 @@
- name: Install fail2ban
when:
- ansible_distribution_major_version is version('11', '>=')
- webserver is defined and webserver == 'nginx'
ansible.builtin.package:
name:
- fail2ban
@ -20,6 +19,7 @@
- name: Configure fail2ban nginx filter
when:
- webserver is defined and webserver == 'nginx'
- extra_fail2ban_filters is defined
- "'nginx' in extra_fail2ban_filters"
ansible.builtin.template:
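Review bot: The "Install fail2ban" task in the first hunk is now gated only on `ansible_distribution_major_version is version('11', '>=')`, while one of the including task files (presumably the Debian one) pulls in fail2ban.yml from `version('9', '>=')` upward, so a host on release 9 or 10 enters this file but skips the package install. The nginx condition used to limit how many hosts reached that state; with it removed every such host does, and the sshd protection the commit message aims for would silently be absent there. The tasks between the two hunks are not visible, so it is unclear whether they carry the same version check; if they do not, the now-unconditional restart handler would presumably fail on those hosts. Consider making the gates agree, for example `- ansible_distribution_major_version is version('11', '>=')` on the include as well, or add a comment on the install task such as `# fail2ban's systemd backend needs <reason>; older releases are skipped on purpose`.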


@ -107,12 +107,9 @@
state: started
enabled: true
# We only install fail2ban on systems running nginx. If the host is running
# Caddy then there are no logs for us to monitor.
- ansible.builtin.include_tasks: fail2ban.yml
when:
- ansible_distribution_major_version is version('9', '>=')
- webserver is defined and webserver == 'nginx'
tags: firewall
# vim: set sw=2 ts=2:


@ -106,12 +106,9 @@
state: started
enabled: true
# We only install fail2ban on systems running nginx. If the host is running
# Caddy then there are no logs for us to monitor.
- ansible.builtin.include_tasks: fail2ban.yml
when:
- ansible_distribution_version is version('16.04', '>=')
- webserver is defined and webserver == 'nginx'
tags: firewall
# vim: set sw=2 ts=2: