Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf | 16 | ||||
-rw-r--r-- | ansible/roles/knot-misc/handlers/fail2ban.yml | 4 | ||||
-rw-r--r-- | ansible/roles/knot-misc/handlers/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/knot-misc/tasks/fail2ban.yml | 11 | ||||
-rw-r--r-- | ansible/roles/knot-misc/tasks/main.yml | 3 |
5 files changed, 35 insertions, 0 deletions
diff --git a/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
new file mode 100644
index 0000000..02f32b8
--- /dev/null
+++ b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
@@ -0,0 +1,16 @@
+# Managed by Ansible
+
+[sshd]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[postfix]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[dovecot]
+enabled = true
+maxretry = 3
+bantime = 12h
diff --git a/ansible/roles/knot-misc/handlers/fail2ban.yml b/ansible/roles/knot-misc/handlers/fail2ban.yml
new file mode 100644
index 0000000..8340622
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/fail2ban.yml
@@ -0,0 +1,4 @@
+- name: restart fail2ban
+ service:
+ name: fail2ban
+ state: reloaded
diff --git a/ansible/roles/knot-misc/handlers/main.yml b/ansible/roles/knot-misc/handlers/main.yml
new file mode 100644
index 0000000..b4a5aca
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/main.yml
@@ -0,0 +1 @@
+- include: fail2ban.yml
diff --git a/ansible/roles/knot-misc/tasks/fail2ban.yml b/ansible/roles/knot-misc/tasks/fail2ban.yml
new file mode 100644
index 0000000..49e1c57
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/fail2ban.yml
@@ -0,0 +1,11 @@
+- name: /etc/fail2ban/jail.local
+ notify: restart fail2ban
+ copy:
+ dest: /etc/fail2ban/jail.local
+ content: ""
+
+- name: /etc/fail2ban/jail.d/99-ansible.conf
+ notify: restart fail2ban
+ copy:
+ src: etc/fail2ban/jail.d/99-ansible.conf
+ dest: /etc/fail2ban/jail.d/99-ansible.conf
diff --git a/ansible/roles/knot-misc/tasks/main.yml b/ansible/roles/knot-misc/tasks/main.yml
new file mode 100644
index 0000000..94a1388
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: fail2ban
+ tags: fail2ban
+ include: fail2ban.yml |
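Review bot: The `[postfix]` jail enabled in 99-ansible.conf may not cover SMTP AUTH password guessing, because stock fail2ban configurations match SASL login failures with the separate `postfix-sasl` jail (or a non-default `mode` of the postfix filter). On a mail host I would add a `[postfix-sasl]` section with `enabled = true` next to it, after checking which filter the installed version ships. The file also sets no `ignoreip`, so with `maxretry = 3` and `bantime = 12h` a few failed logins from the admin or Ansible control address would ban it for half a day. A `[DEFAULT]` section with `ignoreip = 127.0.0.1/8 ::1 <MGMT_CIDR_PLACEHOLDER>` would prevent that lockout.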
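Review bot: The handler in handlers/fail2ban.yml is named `restart fail2ban` but performs `state: reloaded`, so play output and the `notify:` lines will claim a restart that never happens. Either rename it to `- name: reload fail2ban` and update both `notify: restart fail2ban` lines in tasks/fail2ban.yml, or use `state: restarted` if a full restart is intended. A short comment saying why a reload is enough for jail changes would help the next maintainer.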
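Review bot: Neither `copy` task in tasks/fail2ban.yml sets ownership or permissions, so an already-existing `/etc/fail2ban/jail.local` keeps whatever mode it had and new files depend on the remote defaults. fail2ban runs its ban actions as root, so these files should be pinned by adding `owner: root`, `group: root` and `mode: "0644"` under each `copy:`. The first task also truncates `jail.local` with `content: ""`, silently discarding any local overrides on the host. I would add `backup: true` there and a comment such as `# jail.local is emptied on purpose: all overrides live in jail.d/99-ansible.conf`, if that is the intent.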