roles/base/network/tasks/main.yml

   1 #####################################
   2 ### someone's ansible provisioner ###
   3 #####################################
   4 # Part of: https://git.somenet.org/root/pub/somesible.git
   5 # 2017-2024 by someone <someone@somenet.org>
   6 #
   7 ---
   8 - name: install networking tools
   9   apt:
  10     pkg:
  11     - ethtool
  12     - fail2ban
  13     - ifupdown
  14     - nftables
  15     - python3-pyinotify
  16     - python3-systemd
  17     - vlan
  18     - vnstat
  19     state: present
  20     policy_rc_d: 101
  21   tags: "online"
  22   ignore_errors: "{{ignore_online_errors | bool}}"
  23
  24
  25 - name: copy interfaces config
  26   copy:
  27     src: "{{item}}"
  28     dest: "/etc/network/interfaces"
  29     mode: 0644
  30     owner: "root"
  31     group: "root"
  32   with_first_found:
  33     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/interfaces"
  34     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/interfaces"
  35     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/interfaces"
  36     - "default/interfaces"
  37   notify: restart networking.service
  38
  39
  40 - name: copy nftables config
  41   copy:
  42     src: "{{item}}"
  43     dest: "/etc/nftables.conf"
  44     mode: 0644
  45     owner: "root"
  46     group: "root"
  47     validate: "nft --check --file %s"
  48   with_first_found:
  49     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nftables.conf"
  50     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nftables.conf"
  51     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nftables.conf"
  52     - "default/nftables.conf"
  53   notify:
  54     - restart nftables.service
  55     - restart fail2ban.service
  56
  57
  58 - name: copy fail2ban jail config
  59   copy:
  60     src: "{{item}}"
  61     dest: "/etc/fail2ban/jail.local"
  62     mode: 0644
  63     owner: "root"
  64     group: "root"
  65   with_first_found:
  66     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.jail.local"
  67     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.jail.local"
  68     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.jail.local"
  69     - "default/fail2ban.jail.local"
  70   notify: restart fail2ban.service
  71
  72
  73 - name: copy fail2ban/action.d/nftables-common.local
  74   copy:
  75     src: "{{item}}"
  76     dest: "/etc/fail2ban/action.d/nftables-common.local"
  77     mode: 0644
  78     owner: "root"
  79     group: "root"
  80   with_first_found:
  81     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.nftables-common.local"
  82     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.nftables-common.local"
  83     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.nftables-common.local"
  84     - "default/fail2ban.nftables-common.local"
  85   notify: restart fail2ban.service
  86
  87
  88 - name: copy fail2ban/filter.d/repeated-offenders.conf
  89   copy:
  90     src: "{{item}}"
  91     dest: "/etc/fail2ban/filter.d/repeated-offenders.conf"
  92     mode: 0644
  93     owner: "root"
  94     group: "root"
  95   with_first_found:
  96     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
  97     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
  98     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
  99     - "default/fail2ban.filter.repeated-offenders.conf"
 100   notify: restart fail2ban.service
 101
 102
 103 - name: copy vnstat.conf
 104   copy:
 105     src: "{{item}}"
 106     dest: "/etc/vnstat.conf"
 107     mode: 0644
 108     owner: "root"
 109     group: "root"
 110   with_first_found:
 111     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vnstat.conf"
 112     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vnstat.conf"
 113     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vnstat.conf"
 114     - "default/vnstat.conf"
 115   notify: restart vnstat.service
 116
 117
 118 - name: enable and start nftables.service
 119   include_role: name="base/systemd/enable-and-start"
 120   vars:
 121     service_name: nftables.service
 122
 123
 124 - name: enable and start fail2ban.service
 125   include_role: name="base/systemd/enable-and-start"
 126   vars:
 127     service_name: fail2ban.service
 128   # maybe the system is not fully setup yet.
 129   ignore_errors: yes
 130
 131
 132 - name: enable and start vnstat.service
 133   include_role: name="base/systemd/enable-and-start"
 134   vars:
 135     service_name: vnstat.service
 136   # maybe the system is not fully setup yet.
 137   ignore_errors: yes