infrastructure/ansible/roles/fail2ban_ssh/tasks/main.yml

34 lines
808 B
YAML

- name: Make user
user:
name: "{{ f2b_user }}"
comment: "{{ name }}"
shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
system: false
become: true
- name: Give user sudo access to client
lineinfile:
path: /etc/sudoers
line: "{{ f2b_user }} ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client"
become: true
- name: Allow custom shell
lineinfile:
path: /etc/shells
line: /home/{{ f2b_user }}/f2b-entrypoint.sh
become: true
- name: Create entrypoint
template:
src: files/f2b-entrypoint.sh
dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
mode: 0755
become: true
register: sshd_config
- name: Set up authorized keys
ansible.posix.authorized_key:
user: "{{ f2b_user }}"
state: present
key: "{{ lookup('file', 'files/f2b_key.pub') }}"
become: true