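#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone
#
# Networking role tasks: install the network/firewall tooling, deploy the
# interfaces, nftables, fail2ban and vnstat configuration, then enable the
# nftables, fail2ban and vnstat services.
#
# Config lookup: every copy task uses with_first_found, so the first file that
# exists wins, in this order: host-specific, group-specific, the "all" group,
# and finally the role's own default. The first three paths are built from the
# controller's PWD environment variable (lookup('env','PWD')), so which
# firewall and fail2ban files are deployed depends on the directory the play
# is started from.
# NOTE(review): confirm the play is always started from the repository root,
# or whether playbook_dir would be a more deterministic base.
#
# File modes are quoted ("0644") so Ansible receives the octal string itself
# instead of an integer that the YAML parser has already converted.
---
# policy_rc_d: 101 keeps the package install from starting services, so the
# new daemons do not come up before the tasks below have copied their managed
# configuration.
# NOTE(review): when ignore_online_errors is true a failed install is ignored,
# and the config copies and service tasks below then run against a host that
# may lack these packages.
- name: install networking tools
  apt:
    pkg:
      - ethtool
      - fail2ban
      - ifupdown
      - nftables
      - python3-pyinotify
      - python3-systemd
      - vlan
      - vnstat
    state: present
    policy_rc_d: 101
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"

# Interface definitions; a change notifies the networking restart handler.
- name: copy interfaces config
  copy:
    src: "{{item}}"
    dest: "/etc/network/interfaces"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/interfaces"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/interfaces"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/interfaces"
    - "default/interfaces"
  notify: restart networking.service

# Firewall ruleset. A change notifies both the nftables and the fail2ban
# restart handlers. Handlers run in the order they are defined in the handlers
# file, not in the order listed under notify.
# NOTE(review): fail2ban is presumably restarted because reloading the ruleset
# drops the sets it created; confirm the nftables handler is defined first.
# NOTE(review): a broken ruleset is only noticed when the handler restarts
# nftables.service. Consider `validate: "nft -c -f %s"` on this copy so it is
# rejected before it replaces the live file (needs nft on the host, and the
# install task above can be ignored).
- name: copy nftables config
  copy:
    src: "{{item}}"
    dest: "/etc/nftables.conf"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nftables.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nftables.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nftables.conf"
    - "default/nftables.conf"
  notify:
    - restart nftables.service
    - restart fail2ban.service

# Local jail overrides for fail2ban.
- name: copy fail2ban jail config
  copy:
    src: "{{item}}"
    dest: "/etc/fail2ban/jail.local"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.jail.local"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.jail.local"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.jail.local"
    - "default/fail2ban.jail.local"
  notify: restart fail2ban.service

# Local override for fail2ban's nftables action.
- name: copy fail2ban/action.d/nftables-common.local
  copy:
    src: "{{item}}"
    dest: "/etc/fail2ban/action.d/nftables-common.local"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.nftables-common.local"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.nftables-common.local"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.nftables-common.local"
    - "default/fail2ban.nftables-common.local"
  notify: restart fail2ban.service

# Filter definition for the repeated-offenders jail.
- name: copy fail2ban/filter.d/repeated-offenders.conf
  copy:
    src: "{{item}}"
    dest: "/etc/fail2ban/filter.d/repeated-offenders.conf"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.filter.repeated-offenders.conf"
    - "default/fail2ban.filter.repeated-offenders.conf"
  notify: restart fail2ban.service

# Traffic accounting configuration.
- name: copy vnstat.conf
  copy:
    src: "{{item}}"
    dest: "/etc/vnstat.conf"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vnstat.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vnstat.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vnstat.conf"
    - "default/vnstat.conf"
  notify: restart vnstat.service

# The firewall service is the only one of the three whose failure stops the
# play: this task has no ignore_errors.
- name: enable and start nftables.service
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: nftables.service

- name: enable and start fail2ban.service
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: fail2ban.service
  # maybe the system is not fully setup yet.
  # NOTE(review): with errors ignored the play continues even if fail2ban did
  # not start, so banning may be inactive after a run that reports success;
  # verify the unit state separately.
  ignore_errors: true

- name: enable and start vnstat.service
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: vnstat.service
  # maybe the system is not fully setup yet.
  ignore_errors: true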