forked from evolix/ansible-roles
Jérémy Lecour
012dabf657
If the final variable is combined in the defaults file, it's component can be overridden, but the final variable can't be overriden.
84 lines
1.6 KiB
YAML
84 lines
1.6 KiB
YAML
---
|
|
# We have to copy the local jail before installing the package
|
|
# or we risk being jailed by fail2ban
|
|
|
|
- name: Prepare fail2ban hierarchy
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
with_items:
|
|
- "/etc/fail2ban"
|
|
- "/etc/fail2ban/filter.d"
|
|
tags:
|
|
- fail2ban
|
|
|
|
- set_fact:
|
|
fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
|
|
|
|
- name: local jail is installed
|
|
template:
|
|
src: jail.local.j2
|
|
dest: /etc/fail2ban/jail.local
|
|
mode: "0644"
|
|
force: no
|
|
notify: restart fail2ban
|
|
tags:
|
|
- fail2ban
|
|
|
|
- name: custom filters are installed
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/fail2ban/filter.d/
|
|
mode: "0644"
|
|
with_items:
|
|
- dovecot-evolix.conf
|
|
- sasl-evolix.conf
|
|
- wordpress-soft.conf
|
|
- wordpress-hard.conf
|
|
- roundcube.conf
|
|
notify: restart fail2ban
|
|
tags:
|
|
- fail2ban
|
|
|
|
- name: package is installed
|
|
apt:
|
|
name: fail2ban
|
|
state: present
|
|
tags:
|
|
- fail2ban
|
|
- packages
|
|
|
|
- name: is Munin present ?
|
|
stat:
|
|
path: /etc/munin/plugins
|
|
check_mode: no
|
|
register: etc_munin_plugins
|
|
tags:
|
|
- fail2ban
|
|
- munin
|
|
|
|
- name: is fail2ban Munin plugin available ?
|
|
stat:
|
|
path: /usr/share/munin/plugins/fail2ban
|
|
check_mode: no
|
|
register: fail2ban_munin_plugin
|
|
tags:
|
|
- fail2ban
|
|
- munin
|
|
|
|
- name: Enable Munin plugins
|
|
file:
|
|
src: "/usr/share/munin/plugins/fail2ban"
|
|
dest: "/etc/munin/plugins/fail2ban"
|
|
state: link
|
|
notify: restart munin-node
|
|
when:
|
|
- etc_munin_plugins.stat.exists
|
|
- fail2ban_munin_plugin.stat.exists
|
|
tags:
|
|
- fail2ban
|
|
- munin
|