Compare commits
2 Commits
d3d189e284
...
32e80282ef
| Author | SHA1 | Date | |
|---|---|---|---|
32e80282ef
|
|||
|
c8bd9f4ec3
|
@ -14,6 +14,10 @@ vars:
|
|||||||
sh: 'yq .ungrouped.hosts.server.ansible_host {{.HOSTS_FILE}}'
|
sh: 'yq .ungrouped.hosts.server.ansible_host {{.HOSTS_FILE}}'
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
install-roles:
|
||||||
|
cmds:
|
||||||
|
- ansible-galaxy role install --role-file requirements.yml --force
|
||||||
|
|
||||||
ssh:
|
ssh:
|
||||||
cmds:
|
cmds:
|
||||||
- ssh {{.REMOTE_USER}}@{{.REMOTE_HOST}}
|
- ssh {{.REMOTE_USER}}@{{.REMOTE_HOST}}
|
||||||
|
|||||||
@ -26,9 +26,11 @@ services:
|
|||||||
- "/run/dbus:/run/dbus:ro"
|
- "/run/dbus:/run/dbus:ro"
|
||||||
- "/sys:/host/sys:ro"
|
- "/sys:/host/sys:ro"
|
||||||
- "/var/log:/host/var/log:ro"
|
- "/var/log:/host/var/log:ro"
|
||||||
|
- "/var/run:/host/var/run:ro"
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||||
environment:
|
environment:
|
||||||
PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
|
PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
|
||||||
|
NETDATA_EXTRA_DEB_PACKAGES: "fail2ban"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
{{ web_proxy_network }}:
|
{{ web_proxy_network }}:
|
||||||
|
|||||||
3
files/netdata/go.d/fail2ban.conf
Normal file
3
files/netdata/go.d/fail2ban.conf
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
jobs:
|
||||||
|
- name: fail2ban
|
||||||
|
update_every: 5 # Collect Fail2Ban jails statistics every 5 seconds
|
||||||
@ -50,6 +50,14 @@
|
|||||||
group: "{{ app_user }}"
|
group: "{{ app_user }}"
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
|
|
||||||
|
- name: "Copy fail2ban plugin config file"
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: "files/{{ app_name }}/go.d/fail2ban.conf"
|
||||||
|
dest: "{{ config_go_d_dir }}/fail2ban.conf"
|
||||||
|
owner: "{{ app_user }}"
|
||||||
|
group: "{{ app_user }}"
|
||||||
|
mode: "0640"
|
||||||
|
|
||||||
- name: "Grab docker group id."
|
- name: "Grab docker group id."
|
||||||
ansible.builtin.shell:
|
ansible.builtin.shell:
|
||||||
cmd: |
|
cmd: |
|
||||||
|
|||||||
@ -25,21 +25,13 @@
|
|||||||
name: "{{ apt_packages }}"
|
name: "{{ apt_packages }}"
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
- name: "Configure timezone"
|
|
||||||
ansible.builtin.import_role:
|
|
||||||
name: yatesr.timezone
|
|
||||||
vars:
|
|
||||||
timezone: UTC
|
|
||||||
tags:
|
|
||||||
- skip_ansible_lint
|
|
||||||
|
|
||||||
- name: "Configure security settings"
|
- name: "Configure security settings"
|
||||||
ansible.builtin.import_role:
|
ansible.builtin.import_role:
|
||||||
name: geerlingguy.security
|
name: geerlingguy.security
|
||||||
vars:
|
vars:
|
||||||
security_ssh_permit_root_login: "yes"
|
security_ssh_permit_root_login: "yes"
|
||||||
security_autoupdate_enabled: "no"
|
security_autoupdate_enabled: "no"
|
||||||
security_fail2ban_enabled: "yes"
|
security_fail2ban_enabled: true
|
||||||
|
|
||||||
- name: "Copy keep files script"
|
- name: "Copy keep files script"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
version: 1.2.2
|
version: 1.2.2
|
||||||
|
|
||||||
- src: geerlingguy.security
|
- src: geerlingguy.security
|
||||||
version: 2.4.0
|
version: 3.0.0
|
||||||
|
|
||||||
- src: geerlingguy.docker
|
- src: geerlingguy.docker
|
||||||
version: 7.4.3
|
version: 7.4.7
|
||||||
|
|||||||
Reference in New Issue
Block a user