From 36441d5ecdc5590c6c1472a84f92fb8df47f7fbb Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov <zimniy@cyberbrain.pw>
Date: Wed, 21 Feb 2024 11:13:16 +0400
Subject: [PATCH] initial
Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>
---
README.md | 2 ++
defaults/main.yml | 5 +++++
handlers/main.yml | 7 +++++++
meta/main.yml | 8 ++++----
tasks/main.yml | 25 +++++++++++++++++++++++++
templates/fail2ban.local.j2 | 6 ++++++
templates/jail.local.j2 | 6 ++++++
7 files changed, 55 insertions(+), 4 deletions(-)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/fail2ban.local.j2
create mode 100644 templates/jail.local.j2
diff --git a/README.md b/README.md
index c30124f..de1bf1e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,3 @@
# ansible_role-template
+
+Install & configure fail2ban.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..2d1b136
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+fail2ban_fail2ban_local: |
+ loglevel = INFO
+
+fail2ban_jail_local: |
+ bantime.rndtime = 300
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..2fc0251
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: Restart fail2ban service
+ ansible.builtin.systemd:
+ state: restarted
+ enabled: yes
+ masked: no
+ daemon_reload: yes
+ name: fail2ban.service
diff --git a/meta/main.yml b/meta/main.yml
index 769c19e..9b974a4 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,9 +1,9 @@
collections: []
dependencies: []
galaxy_info:
- author: template
- description: template
+ author: Dmitriy Safronov
+ description: Install & configure fail2ban.
license: Apache-2.0
min_ansible_version: "2.16"
- namespace: template
- role_name: template
+ namespace: dmitriysafronov
+ role_name: fail2ban
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e682b08
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Install packages
+ ansible.builtin.package:
+ name: fail2ban
+ state: present
+ notify: Restart fail2ban service
+
+- name: Template a file to /etc/fail2ban/fail2ban.local
+ ansible.builtin.template:
+ src: fail2ban.local.j2
+ dest: /etc/fail2ban/fail2ban.local
+ owner: root
+ group: root
+ mode: "0644"
+ when: fail2ban_fail2ban_local is defined
+ notify: Restart fail2ban service
+
+- name: Template a file to /etc/fail2ban/jail.local
+ ansible.builtin.template:
+ src: jail.local.j2
+ dest: /etc/fail2ban/jail.local
+ owner: root
+ group: root
+ mode: "0644"
+ when: fail2ban_jail_local is defined
+ notify: Restart fail2ban service
diff --git a/templates/fail2ban.local.j2 b/templates/fail2ban.local.j2
new file mode 100644
index 0000000..cc765d4
--- /dev/null
+++ b/templates/fail2ban.local.j2
@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+
+[DEFAULT]
+logtarget = SYSLOG
+
+{{ fail2ban_fail2ban_local | default('') }}
diff --git a/templates/jail.local.j2 b/templates/jail.local.j2
new file mode 100644
index 0000000..b8e3760
--- /dev/null
+++ b/templates/jail.local.j2
@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+
+[DEFAULT]
+backend = systemd
+
+{{ fail2ban_jail_local | default('') }}
--
GitLab