boma/roles/base/tasks/fail2ban.yml


---
# Installs fail2ban, drops in an sshd jail override, and keeps the service
# running. The jail's actual ban policy lives in the template
# fail2ban_sshd.local.j2, which is not part of this file.

# Refresh the apt cache first, then make sure the package is present.
- name: Install fail2ban
  ansible.builtin.apt:
    update_cache: true
    name: fail2ban
    state: present

# Render the sshd jail into jail.d as a root-owned file that other users can
# read but not modify (0644). A change triggers the "restart fail2ban" handler,
# which is defined outside this file -- presumably in the role's handlers.
- name: Configure the sshd jail
  ansible.builtin.template:
    src: fail2ban_sshd.local.j2
    dest: /etc/fail2ban/jail.d/sshd.local
    owner: root
    group: root
    mode: "0644"
  notify: restart fail2ban

# Enable the service at boot and make sure it is running now.
- name: Enable and start fail2ban
  ansible.builtin.service:
    name: fail2ban
    state: started
    enabled: true
  # Check mode never really installs the package, so on a host that does not
  # have fail2ban yet the service lookup fails. The start is therefore skipped
  # under --check, while the install and jail tasks above are still previewed.
  # A real deploy installs first and then starts the service.
  # Consequence: a --check run reports nothing about whether fail2ban is
  # enabled or running on the host.
  when: not ansible_check_mode