This commit is contained in:
parent
2d8a504780
commit
21a784cc63
GPG key ID:
DA7B27055C66D6DE
7 changed files with 180 additions and 1 deletions
37
tasks/add_bouncer.yml
Normal file
37
tasks/add_bouncer.yml
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
- name: Install bouncer (currently only firewall)
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- crowdsec-firewall-bouncer
|
||||
- crowdsec-firewall-bouncer-iptables
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: Install crowdsec
|
||||
ansible.builtin.dnf:
|
||||
name:
|
||||
- crowdsec-firewall-bouncer-nftables
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
#- name: Register new bouncer
|
||||
# command: cscli bouncers add {{ inventory_hostname }} -o raw
|
||||
# register: _csbouncer
|
||||
# delegate_to: "{{ crowdsec_delegate_server_hostname }}"
|
||||
# changed_when: _csbouncer.stderr is not search("already exists")
|
||||
#
|
||||
#- name: Deploy bouncer config
|
||||
# lineinfile:
|
||||
# regex: "{{ item.regex }}"
|
||||
# line: "{{ item.line }}"
|
||||
# dest: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
|
||||
# with_items:
|
||||
# - regex: "^api_url"
|
||||
# line: "api_url: {{ crowdsec_lapi_url }}"
|
||||
# - regex: "^api_key"
|
||||
# line: "api_key: {{ _csbouncer.stdout }}"
|
||||
# when: _csbouncer.changed
|
||||
# notify: restart crowdsec-firewall-bouncer
|
||||
# loop_control:
|
||||
# label: "{{ item.regex }}"
|
||||
Loading…
Add table
Add a link
Reference in a new issue