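---
# Playbook: install fail2ban on the `beepi` hosts, create a dedicated
# `fail2forward` account with its own SSH key pair, export the public key to
# the control node, deploy the jail and action templates, then restart the
# service.
- name: Fail2ban
  hosts: beepi
  become: true

  tasks:
    - name: Install fail2ban
      ansible.builtin.apt:
        name: fail2ban
        state: present

    # Dedicated account that owns the key pair generated in the next task.
    - name: Create user
      ansible.builtin.user:
        name: fail2forward
        create_home: true

    # Generates an Ed25519 key pair for fail2forward.
    # - `ssh_key_bits` was dropped: Ed25519 keys have a fixed length, so the
    #   former value of 2048 had no effect and only suggested an RSA key.
    # - The file keeps its historical name `.ssh/id_rsa` (relative to the
    #   account's home) although the key is Ed25519.
    #   NOTE(review): presumably forward.conf.j2 refers to this path; rename
    #   both together if the name is ever corrected.
    # - The module does not overwrite an existing key file, so an older key
    #   already at this path is kept as-is, whatever its type.
    # - No `ssh_key_passphrase` is set, so the private key is stored
    #   unencrypted. Any host that authorizes the public key should limit it
    #   in authorized_keys (forced command, source-address restriction).
    - name: Create key
      ansible.builtin.user:
        name: fail2forward
        generate_ssh_key: true
        ssh_key_type: ed25519
        ssh_key_file: .ssh/id_rsa
      register: ssh_public_key

    # Writes only the public half to the control node, unprivileged.
    - name: Save public key locally
      ansible.builtin.copy:
        content: "{{ ssh_public_key.ssh_public_key }}"
        dest: ./fail2forward_id_rsa.pub
        mode: '0644'
      delegate_to: localhost
      become: false

    # Root-owned and not writable by others, so only root can change what
    # fail2ban loads.
    - name: Copy jail.local
      ansible.builtin.template:
        src: jail.local.j2
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: '0644'

    # Same ownership and mode as jail.local.
    # NOTE(review): the action's content is in forward.conf.j2, not shown
    # here; review what it runs and as which user.
    - name: Copy forward.conf
      ansible.builtin.template:
        src: forward.conf.j2
        dest: /etc/fail2ban/action.d/forward.conf
        owner: root
        group: root
        mode: '0644'

    # NOTE(review): this restarts fail2ban on every run, changed or not; a
    # handler notified by the two template tasks would restart on change only.
    - name: Restart fail2ban
      ansible.builtin.service:
        name: fail2ban
        state: restarted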