ansible: linting bastion

2025-05-27 09:21:38 +02:00
parent 6a3804dd86
commit 2d378d51a7
7 changed files with 55 additions and 49 deletions


@@ -1,44 +1,46 @@
- name: ensure nftables service is started and enabled
---
- name: Ensure nftables service is started and enabled
ansible.builtin.systemd:
name: nftables
state: started
enabled: true
tags: all,firewall
- name: deploying nftables configuration
- name: Deploying nftables configuration
ansible.builtin.template:
src: nftables.conf.j2
dest: /etc/nftables.conf
owner: root
group: root
mode: '0755'
mode: "0755"
backup: true
validate: "nft -c -f %s"
notify:
- reload nftables
- restart fail2ban
- Reload nftables
- Restart fail2ban
tags: all,firewall
- name: ensure fail2ban is installed
- name: Ensure fail2ban is installed
ansible.builtin.apt:
name: fail2ban
state: present
update_cache: true
tags: all,firewall
- name: ensure fail2ban is enabled and running
- name: Ensure fail2ban is enabled and running
ansible.builtin.systemd:
name: fail2ban
state: started
enabled: true
tags: all,firewall
- name: deploying fail2ban ssh conf
- name: Deploying fail2ban ssh conf
ansible.builtin.template:
src: sshd.conf.j2
dest: /etc/fail2ban/jail.d/sshd.conf
owner: root
group: root
mode: '0644'
mode: "0644"
notify: reload fail2ban
tags: all,firewall
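Review bot: The last task still has `notify: reload fail2ban` in lower case, while the nftables task's notify list in the same file was switched to `Reload nftables` and `Restart fail2ban`. Ansible resolves a notification against the handler's name as a string, so if the handlers file was capitalised in this commit as well (it is not visible here), this notify may no longer resolve, and a changed sshd jail would then fail the play or never be reloaded into fail2ban on the bastion. I would change the line to `notify: Reload fail2ban` and confirm that a handler with exactly that name exists. Separately, `mode: "0755"` on `/etc/nftables.conf` leaves the bastion's ruleset readable by every local account, and `backup: true` keeps the old copies next to it; consider whether a tighter mode such as `"0700"` works for this host.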