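---
# Installs fail2ban and provisions the SSH account `fail2forward`, whose key
# is pinned to the forced command /usr/local/bin/fail2forward.
- name: Fail2ban-ingress
  hosts: animeistrash
  become: true

  tasks:
    - name: Install fail2ban
      ansible.builtin.apt:
        name: fail2ban
        state: present

    # Dedicated account that owns the restricted key below. The forced command
    # is run through this account's login shell, so the shell is left at the
    # module default.
    - name: Create user
      ansible.builtin.user:
        name: fail2forward
        create_home: true

    - name: Create .ssh
      ansible.builtin.file:
        path: /home/fail2forward/.ssh
        owner: fail2forward
        group: fail2forward
        state: directory
        # 0700: the owner needs the search (x) bit to reach authorized_keys,
        # and no other account needs to list or enter this directory.
        mode: '0700'

    # Writes a single authorized_keys entry. `command=` forces every login
    # with this key to run /usr/local/bin/fail2forward regardless of what the
    # client requests; `restrict` disables pty allocation and all forwarding,
    # so the explicit no-* options are redundant but kept as written.
    # The public key is read from the control node by the file lookup.
    # NOTE(review): the file is owned by fail2forward; if the forced command
    # ever allows writing files, the account could edit its own key options.
    # Confirm against fail2forward.j2.
    - name: Create authorized_keys
      ansible.builtin.copy:
        # Folded scalar: the two lines below are joined with one space and the
        # trailing newline is stripped.
        content: >-
          command="/usr/local/bin/fail2forward",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,restrict
          {{ lookup('ansible.builtin.file', '../fail2ban/fail2forward_id_rsa.pub') }}
        owner: fail2forward
        group: fail2forward
        dest: /home/fail2forward/.ssh/authorized_keys
        # 0600: only the owning account (and root) needs to read this file.
        mode: '0600'

    # The forced command itself: root-owned and not writable by fail2forward,
    # so the restricted account cannot replace what its key executes.
    # NOTE(review): the template is not shown here; presumably it acts on
    # client-supplied input. Confirm it validates that input before use.
    - name: Copy fail2forward script
      ansible.builtin.template:
        src: fail2forward.j2
        dest: /usr/local/bin/fail2forward
        owner: root
        group: root
        mode: '0755'

    - name: Copy jail.local
      ansible.builtin.template:
        src: jail.local.j2
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: '0644'

    # Restarts on every run, whether or not jail.local changed.
    # NOTE(review): a handler notified by "Copy jail.local" would restart
    # fail2ban only when the configuration changes.
    - name: Restart fail2ban
      ansible.builtin.service:
        name: fail2ban
        state: restarted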