Feat: use ini_file module

Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
Hadrien Patte 2019-03-23 19:10:56 +01:00
parent 8da9e10a51
commit 8463f1cf96
No known key found for this signature in database
GPG key ID: 0954F2874A54F4B1
3 changed files with 43 additions and 24 deletions


@ -12,11 +12,20 @@
# Send email when there is something new
- name: Configure apt-listchanges
lineinfile:
dest: /etc/apt/listchanges.conf
regexp: "^{{ item.key }}="
line: "{{ item.value }}"
with_dict:
confirm: 'confirm=true'
email_address: "email_address={{ monitoring_mail }}"
which: 'which=both'
ini_file:
path: /etc/apt/listchanges.conf
no_extra_spaces: true
section: apt
option: "{{ item.option }}"
value: "{{ item.value }}"
state: present
loop:
- option: confirm
value: "true"
- option: email_address
value: "{{ monitoring_mail }}"
- option: which
value: both
...


@ -47,11 +47,33 @@
until: apt_result is succeeded
- name: Configure fail2ban
template:
src: fail2ban/jail.d/local.conf.j2
dest: /etc/fail2ban/jail.d/local.conf
mode: 0644
ini_file:
path: /etc/fail2ban/jail.d/local.conf
section: "{{ item.section }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
state: present
notify: Restart fail2ban service
loop:
- section: DEFAULT
option: ignoreip
value: 10.128.0.254 # Whitelist bastion
- section: sshd
option: enabled
value: "true"
- section: sshd
option: bantime
value: 600
- section: sshd
option: findtime
value: 600
- section: sshd
option: maxretry
value: 5
# See altered packages and configurations with `debsums -ca`
- name: Install debsums
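Review bot: The `ignoreip` item is written to `section: DEFAULT`, whereas the removed template kept `ignoreip = 10.128.0.254` under `[sshd]`, so the bastion is now exempt from every jail fail2ban loads rather than only the sshd one; if that widening is not intended, use `section: sshd` for that item. The new task also appears to drop the `mode` that the template task set, and `ini_file` creates the file when it is missing, so I would add `mode: "0644"` (quoted, to avoid octal parsing) together with `owner: root` and `group: root`. Unlike the template, `ini_file` only ensures that the listed options exist: options or sections added to `/etc/fail2ban/jail.d/local.conf` out of band, and the old `[sshd]` `ignoreip` line on hosts that are already provisioned, are no longer reverted. That is worth a comment above the task, or a cleanup item with `state: absent`.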


@ -1,12 +0,0 @@
# {{ ansible_managed }}
# Ban a host for 10mn
# if it has failed 5 times during the last 10mn
[sshd]
enabled = true
bantime = 600
findtime = 600
maxretry = 5
# Whitelist bastion
ignoreip = 10.128.0.254