Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf16
-rw-r--r--ansible/roles/knot-misc/handlers/fail2ban.yml4
-rw-r--r--ansible/roles/knot-misc/handlers/main.yml1
-rw-r--r--ansible/roles/knot-misc/tasks/fail2ban.yml11
-rw-r--r--ansible/roles/knot-misc/tasks/main.yml3
5 files changed, 35 insertions, 0 deletions
diff --git a/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
new file mode 100644
index 0000000..02f32b8
--- /dev/null
+++ b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
@@ -0,0 +1,16 @@
+# Managed by Ansible
+
+[sshd]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[postfix]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[dovecot]
+enabled = true
+maxretry = 3
+bantime = 12h
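Review bot: None of the three jails sets `ignoreip` or `findtime`, so with `maxretry = 3` and `bantime = 12h` a management or monitoring address that fails three logins inside the distribution's default window is locked out for twelve hours. Consider a `[DEFAULT]` section above `[sshd]` carrying `ignoreip = 127.0.0.1/8 ::1 <MGMT_ADDRESS_PLACEHOLDER>` and an explicit `findtime`, which would also let the repeated `maxretry`/`bantime` pairs be stated once. Enabling `[postfix]` and `[dovecot]` assumes both services log on every host that receives this role; fail2ban may refuse to start when a jail's log source is missing, so this is worth confirming.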
diff --git a/ansible/roles/knot-misc/handlers/fail2ban.yml b/ansible/roles/knot-misc/handlers/fail2ban.yml
new file mode 100644
index 0000000..8340622
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/fail2ban.yml
@@ -0,0 +1,4 @@
+- name: restart fail2ban
+ service:
+ name: fail2ban
+ state: reloaded
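Review bot: The handler is named `restart fail2ban` but uses `state: reloaded`, so the name promises something different from what actually runs. Either rename it to `reload fail2ban` (and update the two `notify:` lines in tasks/fail2ban.yml to match) or switch to `state: restarted` if a full restart is intended. A one-line comment saying why a reload is sufficient for jail changes would help the next reader.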
diff --git a/ansible/roles/knot-misc/handlers/main.yml b/ansible/roles/knot-misc/handlers/main.yml
new file mode 100644
index 0000000..b4a5aca
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/main.yml
@@ -0,0 +1 @@
+- include: fail2ban.yml
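Review bot: The bare `include:` used here, and again in tasks/main.yml, is deprecated in later Ansible releases and removed in ansible-core 2.16; `- import_tasks: fail2ban.yml` is the static equivalent for both files. If the role must still run on an older Ansible version that this repository pins, a short comment noting that would explain why the old form is kept.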
diff --git a/ansible/roles/knot-misc/tasks/fail2ban.yml b/ansible/roles/knot-misc/tasks/fail2ban.yml
new file mode 100644
index 0000000..49e1c57
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/fail2ban.yml
@@ -0,0 +1,11 @@
+- name: /etc/fail2ban/jail.local
+ notify: restart fail2ban
+ copy:
+ dest: /etc/fail2ban/jail.local
+ content: ""
+
+- name: /etc/fail2ban/jail.d/99-ansible.conf
+ notify: restart fail2ban
+ copy:
+ src: etc/fail2ban/jail.d/99-ansible.conf
+ dest: /etc/fail2ban/jail.d/99-ansible.conf
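Review bot: The first task overwrites `/etc/fail2ban/jail.local` with an empty file and keeps no copy, so any hand-made overrides on the host (for example an existing `ignoreip` list) disappear silently on the first run; adding `backup: yes` to that `copy:` would keep the previous content recoverable. Neither `copy:` sets `owner`, `group` or `mode`, so permissions on these security-relevant files depend on whatever already exists or on the umask; `owner: root`, `group: root`, `mode: "0644"` would pin them. The file also never ensures that fail2ban is installed, enabled and running, and the handler fires only when a file changes, so a stopped service would go unnoticed.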
diff --git a/ansible/roles/knot-misc/tasks/main.yml b/ansible/roles/knot-misc/tasks/main.yml
new file mode 100644
index 0000000..94a1388
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: fail2ban
+ tags: fail2ban
+ include: fail2ban.yml