summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2018-12-15 19:16:00 +0100
committerGuilhem Moulin <guilhem@fripost.org>2018-12-15 19:16:03 +0100
commit57273eb0ab62acbc38a327f50ccfd1ac5cc415da (patch)
tree0f15d25b502c8ad8056cc349015b95ff245e3021 /roles/common
parenta0d439f832721ab1b4bdcf9ab844ee20d4dc1682 (diff)
fail2ban: Only install the roundcube/dovecot filters if needed.
It doesn't hurt to install them on all machines, but we're overriding the provided /etc/fail2ban/filter.d/dovecot.conf and would rather keep our delta minimal.
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/tasks/fail2ban.yml34
1 files changed, 21 insertions, 13 deletions
diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml
index da4db51..84e6b7a 100644
--- a/roles/common/tasks/fail2ban.yml
+++ b/roles/common/tasks/fail2ban.yml
@@ -1,29 +1,37 @@
- name: Install fail2ban
apt: pkg=fail2ban
-- name: Add addititional filters
- copy: src=etc/fail2ban/filter.d/{{ item }}
- dest=/etc/fail2ban/filter.d/{{ item }}
- owner=root group=root
- mode=0644
- register: r1
- with_items:
- - dovecot.conf
- - roundcube.conf
- notify:
- - Restart fail2ban
-
- name: Configure fail2ban
template: src=etc/fail2ban/jail.local.j2
dest=/etc/fail2ban/jail.local
owner=root group=root
mode=0644
+ register: r1
+ notify:
+ - Restart fail2ban
+
+- name: Add roundcube filter
+ copy: src=etc/fail2ban/filter.d/roundcube.conf
+ dest=/etc/fail2ban/filter.d/roundcube.conf
+ owner=root group=root
+ mode=0644
register: r2
+ when: "'webmail' in group_names"
+ notify:
+ - Restart fail2ban
+
+- name: Add dovecot filter
+ copy: src=etc/fail2ban/filter.d/dovecot.conf
+ dest=/etc/fail2ban/filter.d/dovecot.conf
+ owner=root group=root
+ mode=0644
+ register: r3
+ when: "'IMAP' in group_names"
notify:
- Restart fail2ban
- name: Start fail2ban
service: name=fail2ban state=started
- when: not (r1.changed or r2.changed)
+ when: not (r1.changed or r2.changed or r3.changed)
- meta: flush_handlers