From 6ee13c1a6aecfc429f88639975347dee2abacdd4 Mon Sep 17 00:00:00 2001
From: James Hackett
Date: Wed, 30 Nov 2022 23:51:31 +0000
Subject: [PATCH] moves nomad files into correct dir. fixes fail2ban config
---
 ansible/redbrick-ansible.yml | 5 +++--
 ansible/roles/fail2ban/tasks/main.yml | 19 +++++++++++++++++++
 ansible/templates/fail2ban.jail | 17 +++++++++++++++++
 {nginx => nomad/nginx}/chell.html | 0
 {nginx => nomad/nginx}/glados.html | 0
 {nginx => nomad/nginx}/index.html | 0
 {nginx => nomad/nginx}/nginx.hcl | 0
 {nginx => nomad/nginx}/wheatley.html | 0
 {traefik => nomad/traefik}/traefik.hcl | 0
 9 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 ansible/roles/fail2ban/tasks/main.yml
 create mode 100644 ansible/templates/fail2ban.jail
 rename {nginx => nomad/nginx}/chell.html (100%)
 rename {nginx => nomad/nginx}/glados.html (100%)
 rename {nginx => nomad/nginx}/index.html (100%)
 rename {nginx => nomad/nginx}/nginx.hcl (100%)
 rename {nginx => nomad/nginx}/wheatley.html (100%)
 rename {traefik => nomad/traefik}/traefik.hcl (100%)
diff --git a/ansible/redbrick-ansible.yml b/ansible/redbrick-ansible.yml
index e60672f..eafe6c2 100644
--- a/ansible/redbrick-ansible.yml
+++ b/ansible/redbrick-ansible.yml
@@ -4,5 +4,6 @@
 hosts: all
 gather_facts: true
 roles:
- - { role: apt } # update all packages, equivalent to `apt update && apt upgrade`
- - { role: ssh } # add users defined in roles/defaults/main.yml
+ # - { role: apt } # update all packages, equivalent to `apt update && apt upgrade`
+ # - { role: ssh } # add users defined in roles/defaults/main.yml
+ # - { role: fail2ban } # add and configure fail2ban with jail file located in `templates/fail2ban.jail`
diff --git a/ansible/roles/fail2ban/tasks/main.yml b/ansible/roles/fail2ban/tasks/main.yml
new file mode 100644
index 0000000..2a5297d
--- /dev/null
+++ b/ansible/roles/fail2ban/tasks/main.yml
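Review bot: All three entries under `roles:` are commented out on the new side, including the `fail2ban` role this commit introduces, so as committed the play applies no roles and the new jail is never deployed. If this is a leftover from a local test run, restore the list and add `- { role: fail2ban }` next to `apt` and `ssh`; to run roles selectively, tags on the roles avoid editing the playbook. A `roles:` key that holds only comments parses as null, which is worth checking against the Ansible version in use. The play's header lies above the hunk, so the rest of the play is not visible here.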
@@ -0,0 +1,19 @@
+---
+- name: Install fail2ban from apt
+ become: true
+ ansible.builtin.apt:
+ name: fail2ban
+ state: latest
+
+- name: Copy configuraion to host
+ become: true
+ ansible.builtin.copy:
+ src: templates/fail2ban.jail
+ dest: /etc/fail2ban/jail.local
+ force: true
+
+- name: Restart fail2ban to apply config
+ become: true
+ ansible.builtin.service:
+ name: fail2ban
+ state: restarted
diff --git a/ansible/templates/fail2ban.jail b/ansible/templates/fail2ban.jail
new file mode 100644
index 0000000..10a4640
--- /dev/null
+++ b/ansible/templates/fail2ban.jail
@@ -0,0 +1,17 @@
+[sshd]
+enabled = true
+port = ssh
+filter = sshd
+
+# the length of time between login attempts for maxretry.
+findtime = 600
+
+# attempts from a single ip before a ban is imposed.
+maxretry = 8
+
+# the number of seconds that a host is banned for.
+bantime = 3600
+
+bantime.increment = true
+bantime.factor = 1
+bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor
diff --git a/nginx/chell.html b/nomad/nginx/chell.html
similarity index 100%
rename from nginx/chell.html
rename to nomad/nginx/chell.html
diff --git a/nginx/glados.html b/nomad/nginx/glados.html
similarity index 100%
rename from nginx/glados.html
rename to nomad/nginx/glados.html
diff --git a/nginx/index.html b/nomad/nginx/index.html
similarity index 100%
rename from nginx/index.html
rename to nomad/nginx/index.html
diff --git a/nginx/nginx.hcl b/nomad/nginx/nginx.hcl
similarity index 100%
rename from nginx/nginx.hcl
rename to nomad/nginx/nginx.hcl
diff --git a/nginx/wheatley.html b/nomad/nginx/wheatley.html
similarity index 100%
rename from nginx/wheatley.html
rename to nomad/nginx/wheatley.html
diff --git a/traefik/traefik.hcl b/nomad/traefik/traefik.hcl
similarity index 100%
rename from traefik/traefik.hcl
rename to nomad/traefik/traefik.hcl
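Review bot: The copy task in `ansible/roles/fail2ban/tasks/main.yml` writes `/etc/fail2ban/jail.local` without stating ownership or permissions, so the result depends on the remote umask; for a file that controls ban policy, pin it with `owner: root`, `group: root` and `mode: "0644"`. The last task restarts fail2ban on every run whether or not the jail changed; registering the copy result and restarting only when it changed, or moving the restart into a handler, keeps runs idempotent. Adding `enabled: true` to the service task makes sure the service comes back after a reboot. `state: latest` upgrades the package on each run, so `state: present` is the more predictable choice unless upgrades are intended here.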
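Review bot: In `ansible/templates/fail2ban.jail`, `bantime.increment = true` is set without a `bantime.maxtime`, so the formula on the last line can grow a repeat offender's ban to 2^20 times the base `bantime`. The jail also sets no `ignoreip`, so an administrator or the Ansible control host that trips `maxretry` can be locked out for a very long time. Consider a cap such as `bantime.maxtime = 604800` (example value) and an allow-list like `ignoreip = 127.0.0.1/8 ::1 <management-network-CIDR>`; other files under `/etc/fail2ban` are not visible here and may already set these. The comment above `findtime` would be more accurate as `# window (in seconds) in which maxretry failures must occur.`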