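---
# Host hardening tasks: install fail2ban and nftables, then deploy the
# fail2ban jail, a systemd drop-in for fail2ban, and the base nftables
# ruleset. The "restart fail2ban" and "restart nftables" handlers are
# defined outside this file.

- name: Installation de fail2ban et nftables
  apt:
    pkg:
      - fail2ban
      - nftables
    update_cache: true
    state: present

# Jail configuration, rendered as a template. Ownership and mode are set
# explicitly so the result does not depend on the umask of the connecting
# user, and so only root can change the ban policy.
- name: Appliquation des règles de ban ssh
  template:
    src: ../files/jail.conf
    dest: /etc/fail2ban/jail.d/jail.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart fail2ban

# Drop-in directory for the fail2ban unit. A directory here that is
# writable by anyone but root would let that user alter how the service
# is started.
- name: Création du répertoire pour la surcharge systemd
  file:
    path: /etc/systemd/system/fail2ban.service.d
    state: directory
    owner: root
    group: root
    mode: "0755"

# NOTE(review): the task name says "base rule for nftables", but the task
# deploys the fail2ban systemd drop-in; consider renaming it.
# The drop-in only takes effect once systemd has reloaded its unit files
# and fail2ban has been restarted. The handler is not visible here:
# confirm that it performs a daemon-reload.
- name: Règle de base pour nftables
  template:
    src: ../files/service-override.conf
    dest: /etc/systemd/system/fail2ban.service.d/override.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart fail2ban

# Base ruleset. `validate` has nft parse the rendered file in check mode
# before it replaces the live one, so a template error cannot leave the
# host with a ruleset that fails to load when nftables restarts.
# fail2ban is restarted as well; presumably its bans live in nftables and
# are lost when the ruleset is reloaded (confirm against nftables.conf).
- name: Déploiement des règles nftables (base)
  tags:
    - nftables
  template:
    src: ../files/nftables.conf
    dest: /etc/nftables.conf
    owner: root
    group: root
    mode: "0644"
    validate: /usr/sbin/nft -c -f %s
  notify:
    - restart nftables
    - restart fail2ban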