1 #####################################
2 ### someone's ansible provisioner ###
3 #####################################
4 # Part of: https://git.somenet.org/root/pub/somesible.git
5 # 2017-2024 by someone <someone@somenet.org>
# Installs the role's networking packages; the module and package list are
# not visible in this excerpt.
# NOTE(review): ignore_errors is driven by ignore_online_errors, so a failed
# install (presumably when the host has no network access) does not stop the
# play. The later tasks still deploy nftables/fail2ban configs and start the
# services - confirm a host cannot finish "successfully" without its firewall
# packages actually being installed.
8 - name: install networking tools
22 ignore_errors: "{{ignore_online_errors | bool}}"
# Deploys /etc/network/interfaces and notifies the networking restart handler.
# The candidate sources below are ordered host-specific, group-specific,
# "all" group, then the role's own default; presumably the first existing
# file wins (the loop/lookup keyword is not visible in this excerpt).
# NOTE(review): lookup('env','PWD') is evaluated on the controller, so the
# override directories depend on the directory the run was started from.
# Started elsewhere, none of the overrides exist and only "default/interfaces"
# remains as a candidate - confirm that fallback is safe for every host.
25 - name: copy interfaces config
28 dest: "/etc/network/interfaces"
33 - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/interfaces"
34 - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/interfaces"
35 - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/interfaces"
36 - "default/interfaces"
37 notify: restart networking.service
# Deploys the firewall ruleset to /etc/nftables.conf. Candidate sources are
# ordered host, group, "all", role default; presumably the first existing
# file is used (the loop/lookup keyword is not visible in this excerpt).
# NOTE(review): the override paths are rooted at the controller's PWD
# environment variable, so a run started from another directory can only
# find "default/nftables.conf" - verify the default ruleset is restrictive
# enough to be an acceptable fallback.
# NOTE(review): owner/mode/validate are not visible here. If the module is
# copy or template and no validation is configured, consider
# `validate: "nft -c -f %s"` so a ruleset that fails to parse is rejected
# before it replaces the working one and the restart handler loads it.
40 - name: copy nftables config
43 dest: "/etc/nftables.conf"
48 - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nftables.conf"
49 - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nftables.conf"
50 - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nftables.conf"
51 - "default/nftables.conf"
# Both handlers are notified, presumably because reloading the nftables
# ruleset discards the sets/chains fail2ban created. Handlers run in the
# order they are defined in the handlers file, not in this list's order -
# confirm nftables is restarted before fail2ban there.
53 - restart nftables.service
54 - restart fail2ban.service
# Deploys the local jail overrides to /etc/fail2ban/jail.local and notifies
# the fail2ban restart handler. Candidate sources are ordered host, group,
# "all", role default; the override paths are rooted at the controller's PWD
# environment variable (lookup('env','PWD')).
# NOTE(review): owner and mode are not visible in this excerpt - the file
# decides which jails are enabled, so it should be writable by root only.
57 - name: copy fail2ban jail config
60 dest: "/etc/fail2ban/jail.local"
65 - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.jail.local"
66 - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.jail.local"
67 - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.jail.local"
68 - "default/fail2ban.jail.local"
69 notify: restart fail2ban.service
# Deploys the local override for fail2ban's nftables action to
# /etc/fail2ban/action.d/nftables-common.local and notifies the fail2ban
# restart handler. Candidate sources are ordered host, group, "all", role
# default; the override paths are rooted at the controller's PWD environment
# variable (lookup('env','PWD')).
# NOTE(review): action files define the commands fail2ban runs on ban/unban,
# so whoever can write the selected source file controls commands executed
# on the target - keep host_files/group_files under the same access control
# as the playbooks themselves.
72 - name: copy fail2ban/action.d/nftables-common.local
75 dest: "/etc/fail2ban/action.d/nftables-common.local"
80 - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.nftables-common.local"
81 - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.nftables-common.local"
82 - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.nftables-common.local"
83 - "default/fail2ban.nftables-common.local"
84 notify: restart fail2ban.service
# Deploys the custom filter to
# /etc/fail2ban/filter.d/repeated-offenders.conf and notifies the fail2ban
# restart handler. Candidate sources are ordered host, group, "all", role
# default; the override paths are rooted at the controller's PWD environment
# variable (lookup('env','PWD')).
# NOTE(review): the filter body is not part of this file. Its failregex is
# matched against log content, so review it for tight anchoring so that
# text an outside party can get written into a log cannot cause bans of
# unrelated addresses.
87 - name: copy fail2ban/filter.d/repeated-offenders.conf
90 dest: "/etc/fail2ban/filter.d/repeated-offenders.conf"
95 - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
96 - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
97 - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
98 - "default/fail2ban.filter.repeated-offenders.conf"
99 notify: restart fail2ban.service
# Deploys the traffic-accounting config to /etc/vnstat.conf and notifies the
# vnstat restart handler. Candidate sources are ordered host, group, "all",
# role default; the override paths are rooted at the controller's PWD
# environment variable (lookup('env','PWD')), so they are only found when the
# run is started from the directory that holds host_files/ and group_files/.
102 - name: copy vnstat.conf
105 dest: "/etc/vnstat.conf"
110 - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vnstat.conf"
111 - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vnstat.conf"
112 - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vnstat.conf"
113 - "default/vnstat.conf"
114 notify: restart vnstat.service
# Hands nftables.service to the shared role base/systemd/enable-and-start,
# passing the unit name as service_name. What that role does beyond its name
# is not visible in this file.
# NOTE(review): this is the step that makes the firewall persistent across
# reboots - a failure here should stop the play rather than be tolerated;
# confirm no error-ignoring option is set on the lines not shown.
117 - name: enable and start nftables.service
118 include_role: name="base/systemd/enable-and-start"
120 service_name: nftables.service
# Hands fail2ban.service to the shared role base/systemd/enable-and-start,
# passing the unit name as service_name.
# NOTE(review): the trailing comment presumably justifies an error-tolerance
# setting on a line not shown in this excerpt. If failures are ignored here,
# a fail2ban that never starts leaves the host without ban enforcement and
# the play still reports success - consider a later check that the unit is
# active.
123 - name: enable and start fail2ban.service
124 include_role: name="base/systemd/enable-and-start"
126 service_name: fail2ban.service
127 # maybe the system is not fully set up yet.
# Hands vnstat.service to the shared role base/systemd/enable-and-start,
# passing the unit name as service_name. The trailing comment presumably
# justifies an error-tolerance setting on a line not shown in this excerpt.
131 - name: enable and start vnstat.service
132 include_role: name="base/systemd/enable-and-start"
134 service_name: vnstat.service
135 # maybe the system is not fully set up yet.