Update ansible roles

Netdata: add fail2ban monitoring
2025-05-17 17:17:01 +03:00 · 2025-05-17 16:58:12 +03:00
7 changed files with 21 additions and 12 deletions
--- a/Taskfile.yml
+++ b/Taskfile.yml
@ -14,6 +14,10 @@ vars:
    sh: 'yq .ungrouped.hosts.server.ansible_host {{.HOSTS_FILE}}'

 tasks:
+  install-roles:
+    cmds:
+      - ansible-galaxy role install --role-file requirements.yml --force
+
  ssh:
    cmds:
    - ssh {{.REMOTE_USER}}@{{.REMOTE_HOST}}
--- a/files/keep-files.py
+++ b/files/keep-files.py
@ -32,7 +32,7 @@ def main():
    sorted_files = sorted(files)

    # Identify files to delete
-    to_delete = sorted_files[: -args.keep] if args.keep > 0 else sorted_files.copy()
+    to_delete = sorted_files[:-args.keep] if args.keep > 0 else sorted_files.copy()

    # Delete files and print results
    for filename in to_delete:
--- a/files/netdata/docker-compose.yml.j2
+++ b/files/netdata/docker-compose.yml.j2
@ -26,9 +26,11 @@ services:
      - "/run/dbus:/run/dbus:ro"
      - "/sys:/host/sys:ro"
      - "/var/log:/host/var/log:ro"
+      - "/var/run:/host/var/run:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
+      NETDATA_EXTRA_DEB_PACKAGES: "fail2ban"

 networks:
  {{ web_proxy_network }}:
--- a/files/netdata/go.d/fail2ban.conf
+++ b/files/netdata/go.d/fail2ban.conf
@ -0,0 +1,3 @@
+jobs:
+  - name: fail2ban
+    update_every: 5  # Collect Fail2Ban jails statistics every 5 seconds
--- a/playbook-netdata.yml
+++ b/playbook-netdata.yml
@ -50,6 +50,14 @@
        group: "{{ app_user }}"
        mode: "0640"

+    - name: "Copy fail2ban plugin config file"
+      ansible.builtin.copy:
+        src: "files/{{ app_name }}/go.d/fail2ban.conf"
+        dest: "{{ config_go_d_dir }}/fail2ban.conf"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
    - name: "Grab docker group id."
      ansible.builtin.shell:
        cmd: |
--- a/playbook-system.yml
+++ b/playbook-system.yml
@ -25,21 +25,13 @@
        name: "{{ apt_packages }}"
        update_cache: true

-    - name: "Configure timezone"
-      ansible.builtin.import_role:
-        name: yatesr.timezone
-      vars:
-        timezone: UTC
-      tags:
-        - skip_ansible_lint
-
    - name: "Configure security settings"
      ansible.builtin.import_role:
        name: geerlingguy.security
      vars:
        security_ssh_permit_root_login: "yes"
        security_autoupdate_enabled: "no"
-        security_fail2ban_enabled: "yes"
+        security_fail2ban_enabled: true

    - name: "Copy keep files script"
      ansible.builtin.copy:
--- a/requirements.yml
+++ b/requirements.yml
@ -3,7 +3,7 @@
  version: 1.2.2

 - src: geerlingguy.security
-  version: 2.4.0
+  version: 3.0.0

 - src: geerlingguy.docker
-  version: 7.4.3
+  version: 7.4.7
Author	SHA1	Message	Date
Anton Vakhrushev	32e80282ef	Update ansible roles	2025-05-17 17:17:01 +03:00
Anton Vakhrushev	c8bd9f4ec3	Netdata: add fail2ban monitoring	2025-05-17 16:58:12 +03:00