47 lines
979 B
YAML
47 lines
979 B
YAML
---
|
|
|
|
- name: Ensure nftables service is started and enabled
|
|
ansible.builtin.systemd:
|
|
name: nftables
|
|
state: started
|
|
enabled: true
|
|
tags: all,firewall
|
|
|
|
- name: Deploying nftables configuration
|
|
ansible.builtin.template:
|
|
src: nftables.conf.j2
|
|
dest: /etc/nftables.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
backup: true
|
|
validate: "nft -c -f %s"
|
|
notify:
|
|
- Reload nftables
|
|
- Restart fail2ban
|
|
tags: all,firewall
|
|
|
|
- name: Ensure fail2ban is installed
|
|
ansible.builtin.apt:
|
|
name: fail2ban
|
|
state: present
|
|
update_cache: true
|
|
tags: all,firewall
|
|
|
|
- name: Ensure fail2ban is enabled and running
|
|
ansible.builtin.systemd:
|
|
name: fail2ban
|
|
state: started
|
|
enabled: true
|
|
tags: all,firewall
|
|
|
|
- name: Deploying fail2ban ssh conf
|
|
ansible.builtin.template:
|
|
src: sshd.conf.j2
|
|
dest: /etc/fail2ban/jail.d/sshd.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify: reload fail2ban
|
|
tags: all,firewall
|