diff --git a/main.yml b/main.yml index 2fdf458..a2528d8 100644 --- a/main.yml +++ b/main.yml @@ -15,42 +15,46 @@ file: path: "/data" state: directory + tags: base_install - name: Setup base system import_tasks: tasks/base.yml + tags: base_install roles: - role: geerlingguy.docker docker_users: - administrator - # - role: grzegorzfranus.fail2ban - # vars: - # fail2ban_ignoreip: - # - 127.0.0.1/8 # loopback - # - 10.0.0.0/8 # Private - # - 172.16.0.0/12 # Private - # - 192.168.0.0/16 # Private - # - 169.254.0.0/16 # link-local / APIPA - # - 100.64.0.0/10 # CGNAT - # - 203.0.113.0/24 # TEST-NETs - # - 192.0.2.0/24 # TEST-NETs - # - 198.51.100.0/24 # TEST-NETs - # - ::1 # ULA - fc00::/7 # Private - # - fe80::/10 # Private - # fail2ban_bantime: "1h" - # fail2ban_findtime: "30m" - # fail2ban_maxretry: 3 - # fail2ban_custom_jail_files: - # - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf - # content: | - # [sshd-strict] - # enabled = true - # filter = sshd - # port = ssh - # logpath = journal - # backend = systemd - # maxretry = 3 - # bantime = 3600 - # findtime = 300 + tags: base_install + - role: grzegorzfranus.fail2ban + vars: + fail2ban_ignoreip: + - 127.0.0.1/8 # loopback + - 10.0.0.0/8 # Private + - 172.16.0.0/12 # Private + - 192.168.0.0/16 # Private + - 169.254.0.0/16 # link-local / APIPA + - 100.64.0.0/10 # CGNAT + - 203.0.113.0/24 # TEST-NETs + - 192.0.2.0/24 # TEST-NETs + - 198.51.100.0/24 # TEST-NETs + - ::1 # ULA - fc00::/7 # Private + - fe80::/10 # Private + fail2ban_bantime: "1h" + fail2ban_findtime: "30m" + fail2ban_maxretry: 3 + fail2ban_custom_jail_files: + - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf + content: | + [sshd-strict] + enabled = true + filter = sshd + port = ssh + logpath = journal + backend = systemd + maxretry = 3 + bantime = 3600 + findtime = 300 + tags: base_install tags: base_install
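Review bot: The `fail2ban_ignoreip` list enabled here exempts every RFC 1918 range plus `100.64.0.0/10`, link-local and the three TEST-NET blocks, so failed SSH logins from any host on an internal, VPN or CGNAT-side network never lead to a ban; I would cut it to loopback and the specific management subnets that need the exemption. As this page renders it, `- ::1 # ULA - fc00::/7 # Private` is a single added line, which would make `fc00::/7` part of a comment rather than a list entry and leaves `::1` labelled as ULA when it is the IPv6 loopback; if that matches the file, split it into `- "::1" # loopback` and, only if wanted, `- "fc00::/7" # ULA`. The `sshd-strict` jail sets `findtime = 300` against the role-level `fail2ban_findtime: "30m"`, a shorter counting window that is less strict than the default despite the name, so a one-line comment stating the intent would help. The play and its `roles:` list begin outside the hunk.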