infrastructure/ansible/roles/fail2ban_ssh/tasks/main.yml

- name: Make user
  user:
    name: "{{ f2b_user }}"
    comment: "{{ name }}"
    shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
    system: false
  become: true

- name: Give user sudo access to client
  lineinfile:
    path: /etc/sudoers
    line: "{{ f2b_user }} ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client"
  become: true

- name: Allow custom shell
  lineinfile:
    path: /etc/shells
    line: /home/{{ f2b_user }}/f2b-entrypoint.sh
  become: true

- name: Create entrypoint
  template:
    src: files/f2b-entrypoint.sh
    dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
    mode: 0755
  become: true
  register: sshd_config
Add fail2ban for traefik Remote action coming soon 2021-03-28 13:05:31 +01:00			`- name: Make user`
			`user:`
			`name: "{{ f2b_user }}"`
			`comment: "{{ name }}"`
			`shell: /home/{{ f2b_user }}/f2b-entrypoint.sh`
			`system: false`
			`become: true`

			`- name: Give user sudo access to client`
			`lineinfile:`
			`path: /etc/sudoers`
			`line: "{{ f2b_user }} ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client"`
			`become: true`

			`- name: Allow custom shell`
			`lineinfile:`
			`path: /etc/shells`
			`line: /home/{{ f2b_user }}/f2b-entrypoint.sh`
			`become: true`

			`- name: Create entrypoint`
			`template:`
			`src: files/f2b-entrypoint.sh`
			`dest: /home/{{ f2b_user }}/f2b-entrypoint.sh`
			`mode: 0755`
			`become: true`
			`register: sshd_config`