Alan Orth
7a9a24ef5d
Actually, we do want to run fail2ban on all hosts because the sshd monitoring via systemd is nice. At the very least it reduces spam from failed logins in our systemd journal.
28 lines
723 B
YAML
---
# ansible.builtin.file: roles/common/handlers/main.yml

- name: reload sshd
  ansible.builtin.systemd:
    name: "{{ sshd_service_name }}"
    state: reloaded

- name: reload sysctl
  command: sysctl -p /etc/sysctl.conf

- name: reload systemd
  ansible.builtin.systemd:
    daemon_reload: true

- name: restart nftables
  ansible.builtin.systemd:
    name: nftables
    state: restarted

# 2021-09-28: note to self to keep fail2ban at the end, as handlers are executed
# in the order they are defined, not in the order they are listed in the task's
# notify statement and we must restart fail2ban after updating the firewall.
- name: restart fail2ban
  ansible.builtin.systemd:
    name: fail2ban
    state: restarted
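
The ordering rule in the 2021-09-28 comment can be enforced with a small pre-merge check. The script below is an added example, not part of this repository: it models a handler flush and reports when `restart fail2ban` is defined ahead of `restart nftables`. The sample text, the `MUST_PRECEDE` list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the handler names from the file above, bodies omitted.
HANDLERS_YML = """\
---
- name: reload sshd
- name: reload sysctl
- name: reload systemd
- name: restart nftables
- name: restart fail2ban
"""

# Hypothetical constraint list: (handler that must run first, handler that runs later).
MUST_PRECEDE = [("restart nftables", "restart fail2ban")]

# Anchored at column 0, so only top-level handler entries are matched.
NAME_RE = re.compile(r"^- name:\s*(.+?)\s*$", re.MULTILINE)


def handler_names(yaml_text):
    """Return top-level handler names in the order they are defined."""
    return [m.strip("\"'") for m in NAME_RE.findall(yaml_text)]


def run_order(defined, notified):
    """Model a handler flush: definition order, each notified handler once."""
    wanted = set(notified)
    return [name for name in defined if name in wanted]


def ordering_violations(defined, constraints):
    """List constraints the definition order breaks (missing handlers count)."""
    pos = {name: i for i, name in enumerate(defined)}
    problems = []
    for first, later in constraints:
        if first not in pos or later not in pos:
            problems.append(f"missing handler: {first!r} or {later!r}")
        elif pos[first] > pos[later]:
            problems.append(f"{later!r} is defined before {first!r}")
    return problems


if __name__ == "__main__":
    names = handler_names(HANDLERS_YML)
    # A task that lists fail2ban first in notify still gets nftables first.
    print(run_order(names, ["restart fail2ban", "restart nftables"]))
    print(ordering_violations(names, MUST_PRECEDE) or "handler order OK")
```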