Alan Orth
067adcd9f5
We can only run fail2ban when we have logs to monitor. When a host is running Caddy we don't have logs, so fail2ban doesn't have any- thing to monitor out of the box. For now I will restrict the task to hosts running nginx.
29 lines
777 B
YAML
29 lines
777 B
YAML
---
|
|
# ansible.builtin.file: roles/common/handlers/main.yml
|
|
|
|
- name: reload sshd
|
|
ansible.builtin.systemd:
|
|
name: "{{ sshd_service_name }}"
|
|
state: reloaded
|
|
|
|
- name: reload sysctl
|
|
command: sysctl -p /etc/sysctl.conf
|
|
|
|
- name: reload systemd
|
|
ansible.builtin.systemd:
|
|
daemon_reload: true
|
|
|
|
- name: restart nftables
|
|
ansible.builtin.systemd:
|
|
name: nftables
|
|
state: restarted
|
|
|
|
# 2021-09-28: note to self to keep fail2ban at the end, as handlers are executed
|
|
# in the order they are defined, not in the order they are listed in the task's
|
|
# notify statement and we must restart fail2ban after updating the firewall.
|
|
- name: restart fail2ban
|
|
ansible.builtin.systemd:
|
|
name: fail2ban
|
|
state: restarted
|
|
when: webserver is defined and webserver == 'nginx'
|