Adding ansible section
This commit is contained in:
44
ansible/roles/bastion/tasks/firewall.yml
Normal file
44
ansible/roles/bastion/tasks/firewall.yml
Normal file
@@ -0,0 +1,44 @@
|
||||
- name: ensure nftables service is started and enabled
|
||||
ansible.builtin.systemd:
|
||||
name: nftables
|
||||
state: started
|
||||
enabled: true
|
||||
tags: all,firewall
|
||||
|
||||
- name: deploying nftables configuration
|
||||
ansible.builtin.template:
|
||||
src: nftables.conf.j2
|
||||
dest: /etc/nftables.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
backup: true
|
||||
validate: "nft -c -f %s"
|
||||
notify:
|
||||
- reload nftables
|
||||
- restart fail2ban
|
||||
tags: all,firewall
|
||||
|
||||
- name: ensure fail2ban is installed
|
||||
ansible.builtin.apt:
|
||||
name: fail2ban
|
||||
state: present
|
||||
update_cache: true
|
||||
tags: all,firewall
|
||||
|
||||
- name: ensure fail2ban is enabled and running
|
||||
ansible.builtin.systemd:
|
||||
name: fail2ban
|
||||
state: started
|
||||
enabled: true
|
||||
tags: all,firewall
|
||||
|
||||
- name: deploying fail2ban ssh conf
|
||||
ansible.builtin.template:
|
||||
src: sshd.conf.j2
|
||||
dest: /etc/fail2ban/jail.d/sshd.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: reload fail2ban
|
||||
tags: all,firewall
|
||||
Reference in New Issue
Block a user