adrien/ansible-role-crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update ansible code
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details

Browse source
This commit is contained in:
Adrien Reslinger 2022-08-16 17:09:58 +02:00
parent 156561e633
commit 18e86f8687
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
5 changed files with 120 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

168
tasks/main.yml
View file

@ -1,99 +1,99 @@
---
- name: Crowdsec setup
block:
# - name: Include vars for {{ ansible_os_family }}
# include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
# - name: Include vars for {{ ansible_os_family }}
# ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
- name: Debian family configuration
block:
- name: Install required packages
- name: Debian family configuration
block:
- name: Install required packages
ansible.builtin.package:
name:
- apt-transport-https
- gnupg
state: present
update_cache: true
- name: add crowdsec apt key
ansible.builtin.apt_key:
url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
state: present
- name: add crowdsec repository
ansible.builtin.apt_repository:
repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
state: present
update_cache: true
when:
- ansible_os_family == "Debian"
- name: RedHat family configuration
block:
- name: Import CrowdSec RPM key
ansible.builtin.rpm_key:
state: present
key: "{{ item }}"
with_items:
- https://packagecloud.io/crowdsec/crowdsec/gpgkey
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
- name: Add Official crowdsec's repo
ansible.builtin.yum_repository:
name: crowdsec_crowdsec
description: crowdsec_crowdsec
baseurl: https://packagecloud.io/crowdsec/crowdsec/el/$releasever/$basearch
enabled: true
gpgcheck: true
repo_gpgcheck: true
gpgkey:
- https://packagecloud.io/crowdsec/crowdsec/gpgkey
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
metadata_expire: "300"
file: crowdsec
when:
- ansible_os_family == "RedHat"
- name: Install crowdsec
ansible.builtin.package:
name:
- apt-transport-https
- gnupg
- crowdsec
state: present
update_cache: yes
update_cache: true
- name: add crowdsec apt key
ansible.builtin.apt_key:
url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
state: present
- name: Deploy main config
ansible.builtin.template:
src: etc/crowdsec/config.yaml.j2
dest: /etc/crowdsec/config.yaml
owner: root
group: root
mode: 0644
notify: restart crowdsec
- name: add crowdsec repository
ansible.builtin.apt_repository:
repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
state: present
update_cache: yes
- name: Deploy whitelist
ansible.builtin.template:
src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
owner: root
group: root
mode: 0644
when: crowdsec_whitelist.enabled
notify: restart crowdsec
when:
- ansible_os_family == "Debian"
- name: Flush handlers to apply config
ansible.builtin.meta: flush_handlers
- name: RedHat family configuration
block:
- name: Import CrowdSec RPM key
ansible.builtin.rpm_key:
state: present
key: "{{ item }}"
with_items:
- https://packagecloud.io/crowdsec/crowdsec/gpgkey
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
- name: Add Official crowdsec's repo
ansible.builtin.yum_repository:
name: crowdsec_crowdsec
description: crowdsec_crowdsec
baseurl: https://packagecloud.io/crowdsec/crowdsec/el/$releasever/$basearch
enabled: true
gpgcheck: true
repo_gpgcheck: true
gpgkey:
- https://packagecloud.io/crowdsec/crowdsec/gpgkey
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
- https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
metadata_expire: "300"
file: crowdsec
when:
- ansible_os_family == "RedHat"
- name: Install crowdsec
ansible.builtin.package:
name:
- crowdsec
state: present
update_cache: yes
- name: Deploy main config
template:
src: etc/crowdsec/config.yaml.j2
dest: /etc/crowdsec/config.yaml
owner: root
group: root
mode: 0644
notify: restart crowdsec
- name: Deploy whitelist
template:
src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
owner: root
group: root
mode: 0644
when: crowdsec_whitelist.enabled
notify: restart crowdsec
- name: Flush handlers to apply config
meta: flush_handlers
# - name: Register agent(s)
# include_tasks: register_agent.yml
# when:
# - crowdsec_delegate_server_hostname != inventory_hostname
# - name: Register agent(s)
# ansible.builtin.include_tasks: register_agent.yml
# when:
# - crowdsec_delegate_server_hostname != inventory_hostname
#
- name: Register distributed bouncers(s)
include_tasks: add_bouncer.yml
when:
- crowdsec_bouncer.enabled
- name: Register distributed bouncers(s)
ansible.builtin.include_tasks: add_bouncer.yml
when:
- crowdsec_bouncer.enabled
tags:
- crowdsec