fail2forward

2026-05-31 00:10:02 +02:00
parent fdc99031dd
commit 85cf6f5533
8 changed files with 79 additions and 21 deletions
@@ -13,6 +13,31 @@
        name: fail2forward
        create_home: true

+    - name: Create .ssh
+      ansible.builtin.file:
+        name: /home/fail2forward/.ssh
+        owner: fail2forward
+        group: fail2forward
+        state: directory
+        mode: '0655'
+
+    - name: Create authorized_keys
+      ansible.builtin.copy:
+        content: "command=\"/usr/local/bin/fail2forward\",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,restrict \
+                  {{ lookup('ansible.builtin.file', '../fail2ban/fail2forward_id_rsa.pub') }}"
+        owner: fail2forward
+        group: fail2forward
+        dest: /home/fail2forward/.ssh/authorized_keys
+        mode: '0644'
+
+    - name: Copy fail2forward script
+      ansible.builtin.template:
+        src: fail2forward.j2
+        dest: /usr/local/bin/fail2forward
+        owner: root
+        group: root
+        mode: '0755'
+
    - name: Copy jail.local
      ansible.builtin.template:
        src: jail.local.j2
@@ -20,9 +45,7 @@
        owner: root
        group: root
        mode: '0644'
-      notify: Restart fail2ban

-  handlers:
    - name: Restart fail2ban
      ansible.builtin.service:
        name: fail2ban