diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-15 19:16:00 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-15 19:16:03 +0100 |
| commit | 57273eb0ab62acbc38a327f50ccfd1ac5cc415da (patch) | |
| tree | 0f15d25b502c8ad8056cc349015b95ff245e3021 | |
| parent | a0d439f832721ab1b4bdcf9ab844ee20d4dc1682 (diff) | |
fail2ban: Only install the roundcube/dovecot filters if needed.
It doesn't hurt to install them on all machines, but we're overriding
the provided /etc/fail2ban/filter.d/dovecot.conf and would rather keep
our delta minimal.
| -rw-r--r-- | roles/common/tasks/fail2ban.yml | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml index da4db51..84e6b7a 100644 --- a/roles/common/tasks/fail2ban.yml +++ b/roles/common/tasks/fail2ban.yml @@ -1,29 +1,37 @@ - name: Install fail2ban apt: pkg=fail2ban -- name: Add addititional filters - copy: src=etc/fail2ban/filter.d/{{ item }} - dest=/etc/fail2ban/filter.d/{{ item }} - owner=root group=root - mode=0644 - register: r1 - with_items: - - dovecot.conf - - roundcube.conf - notify: - - Restart fail2ban - - name: Configure fail2ban template: src=etc/fail2ban/jail.local.j2 dest=/etc/fail2ban/jail.local owner=root group=root mode=0644 + register: r1 + notify: + - Restart fail2ban + +- name: Add roundcube filter + copy: src=etc/fail2ban/filter.d/roundcube.conf + dest=/etc/fail2ban/filter.d/roundcube.conf + owner=root group=root + mode=0644 register: r2 + when: "'webmail' in group_names" + notify: + - Restart fail2ban + +- name: Add dovecot filter + copy: src=etc/fail2ban/filter.d/dovecot.conf + dest=/etc/fail2ban/filter.d/dovecot.conf + owner=root group=root + mode=0644 + register: r3 + when: "'IMAP' in group_names" notify: - Restart fail2ban - name: Start fail2ban service: name=fail2ban state=started - when: not (r1.changed or r2.changed) + when: not (r1.changed or r2.changed or r3.changed) - meta: flush_handlers |