Add fail2ban for traefik

Remote action coming soon
2021-03-28 13:05:31 +01:00
parent 8398a2df21
commit 6973fb536f
17 changed files with 103 additions and 1 deletions
--- a/ansible/roles/fail2ban_ssh/defaults/main.yml
+++ b/ansible/roles/fail2ban_ssh/defaults/main.yml
@ -0,0 +1 @@
+f2b_user: f2b
--- a/ansible/roles/fail2ban_ssh/files/f2b-entrypoint.sh
+++ b/ansible/roles/fail2ban_ssh/files/f2b-entrypoint.sh
@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Remove `-c` argument
+shift
+
+sudo fail2ban-client $@
--- a/ansible/roles/fail2ban_ssh/tasks/main.yml
+++ b/ansible/roles/fail2ban_ssh/tasks/main.yml
@ -0,0 +1,27 @@
+- name: Make user
+  user:
+    name: "{{ f2b_user }}"
+    comment: "{{ name }}"
+    shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
+    system: false
+  become: true
+
+- name: Give user sudo access to client
+  lineinfile:
+    path: /etc/sudoers
+    line: "{{ f2b_user }} ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client"
+  become: true
+
+- name: Allow custom shell
+  lineinfile:
+    path: /etc/shells
+    line: /home/{{ f2b_user }}/f2b-entrypoint.sh
+  become: true
+
+- name: Create entrypoint
+  template:
+    src: files/f2b-entrypoint.sh
+    dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
+    mode: 0755
+  become: true
+  register: sshd_config