Feat: use ini_file module
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
parent
8da9e10a51
commit
8463f1cf96
3 changed files with 43 additions and 24 deletions
|
@ -12,11 +12,20 @@
|
|||
|
||||
# Send email when there is something new
|
||||
- name: Configure apt-listchanges
|
||||
lineinfile:
|
||||
dest: /etc/apt/listchanges.conf
|
||||
regexp: "^{{ item.key }}="
|
||||
line: "{{ item.value }}"
|
||||
with_dict:
|
||||
confirm: 'confirm=true'
|
||||
email_address: "email_address={{ monitoring_mail }}"
|
||||
which: 'which=both'
|
||||
ini_file:
|
||||
path: /etc/apt/listchanges.conf
|
||||
no_extra_spaces: true
|
||||
section: apt
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
state: present
|
||||
loop:
|
||||
- option: confirm
|
||||
value: "true"
|
||||
|
||||
- option: email_address
|
||||
value: "{{ monitoring_mail }}"
|
||||
|
||||
- option: which
|
||||
value: both
|
||||
...
|
||||
|
|
|
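Review bot: The new `ini_file` task for /etc/apt/listchanges.conf sets neither `create` nor `mode`, and `ini_file` creates a missing file by default, whereas the `lineinfile` task it replaces fails when the file is absent. If apt-listchanges is not installed before this task runs, the play would write a three-option file with umask-derived permissions instead of surfacing the ordering problem. Add `create: false` next to `state: present`, or, if creation is intended, an explicit `mode: "0644"`. Whether the package is installed earlier in the play is not visible in this hunk.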
@ -47,11 +47,33 @@
|
|||
until: apt_result is succeeded
|
||||
|
||||
- name: Configure fail2ban
|
||||
template:
|
||||
src: fail2ban/jail.d/local.conf.j2
|
||||
dest: /etc/fail2ban/jail.d/local.conf
|
||||
mode: 0644
|
||||
ini_file:
|
||||
path: /etc/fail2ban/jail.d/local.conf
|
||||
section: "{{ item.section }}"
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
state: present
|
||||
notify: Restart fail2ban service
|
||||
loop:
|
||||
- section: DEFAULT
|
||||
option: ignoreip
|
||||
value: 10.128.0.254 # Whitelist bastion
|
||||
|
||||
- section: sshd
|
||||
option: enabled
|
||||
value: "true"
|
||||
|
||||
- section: sshd
|
||||
option: bantime
|
||||
value: 600
|
||||
|
||||
- section: sshd
|
||||
option: findtime
|
||||
value: 600
|
||||
|
||||
- section: sshd
|
||||
option: maxretry
|
||||
value: 5
|
||||
|
||||
# See altered packages and configurations with `debsums -ca`
|
||||
- name: Install debsums
|
||||
|
|
|
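Review bot: Switching "Configure fail2ban" from `template` to `ini_file` means /etc/fail2ban/jail.d/local.conf is no longer fully owned by the play: only the five listed options are enforced, so any other section or option already in the file (for example a manually added `[sshd]`-level `ignoreip`) survives every run, where the template would have overwritten it. The explicit `mode: 0644` was dropped as well, so a newly created file takes its permissions from the umask; add `mode: "0644"` (quoted, so it is not read as an integer) together with `owner: root` and `group: root`. The deleted template's explanation of the ban window is also lost, and a comment above `loop:` such as `# Ban a host for 10 min after 5 failures within the last 10 min` would keep it. If drift in this jail file matters, keeping the template as the single source of truth is the safer choice.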
@ -1,12 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
# Ban a host for 10mn
|
||||
# if it has failed 5 times during the last 10mn
|
||||
[sshd]
|
||||
enabled = true
|
||||
bantime = 600
|
||||
findtime = 600
|
||||
maxretry = 5
|
||||
|
||||
# Whitelist bastion
|
||||
ignoreip = 10.128.0.254
|