ansible-role-crowdsec/tasks/main.yml
Adrien Reslinger 2a48449792
Fix services enabled issues
2022-10-15 12:07:16 +02:00


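---
# Installs CrowdSec from the packagecloud.io repository, deploys its main
# configuration (and optionally a whitelist parser), starts the service and
# then includes the bouncer registration tasks.
- name: Crowdsec setup
  block:
    # - name: Include vars for {{ ansible_os_family }}
    #   ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"

    - name: Debian family configuration
      block:
        - name: Install required packages
          ansible.builtin.package:
            name:
              - apt-transport-https
              - gnupg
            state: present
            update_cache: true

        # NOTE(review): the key is fetched from the same host that serves
        # the packages and no key id is pinned, so trust rests entirely on
        # TLS to packagecloud.io. apt_key also installs the key into the
        # global apt trust store, where it is accepted for every configured
        # repository. A dedicated keyring file referenced with `signed-by`
        # in the repo line would scope it to this repository only.
        - name: add crowdsec apt key
          ansible.builtin.apt_key:
            url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
            state: present

        - name: add crowdsec repository
          ansible.builtin.apt_repository:
            repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release | lower }} main'
            state: present
            update_cache: true
      when:
        - ansible_os_family == "Debian"

    - name: RedHat family configuration
      block:
        # NOTE(review): keys are imported straight from their URLs without
        # an expected fingerprint. rpm_key accepts a `fingerprint` option;
        # pinning values obtained out of band would detect a swapped key.
        - name: Import CrowdSec RPM key
          ansible.builtin.rpm_key:
            state: present
            key: "{{ item }}"
          loop:
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg

        # Both package signatures (gpgcheck) and repository metadata
        # signatures (repo_gpgcheck) are verified; keep both enabled.
        - name: Add Official crowdsec's repo
          ansible.builtin.yum_repository:
            name: crowdsec_crowdsec
            description: crowdsec_crowdsec
            baseurl: https://packagecloud.io/crowdsec/crowdsec/el/$releasever/$basearch
            enabled: true
            gpgcheck: true
            repo_gpgcheck: true
            gpgkey:
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
            metadata_expire: "300"
            file: crowdsec
      when:
        - ansible_os_family == "RedHat"

    - name: Install crowdsec
      ansible.builtin.package:
        name:
          - crowdsec
        state: present
        update_cache: true

    # File modes are quoted so they reach the module as the string '0644'
    # and cannot be re-typed as a number by the YAML loader.
    # NOTE(review): 0644 leaves the rendered config world-readable. If the
    # template (not shown here) carries database or API credentials, a
    # tighter mode is warranted - confirm against the template.
    - name: Deploy main config
      ansible.builtin.template:
        src: etc/crowdsec/config.yaml.j2
        dest: /etc/crowdsec/config.yaml
        owner: root
        group: root
        mode: '0644'
      # The handler is defined outside this file.
      notify: restart crowdsec

    # Only deployed when crowdsec_whitelist.enabled is truthy.
    # NOTE(review): presumably the sources listed by this parser are
    # exempted from detection, so the variable feeding the template
    # deserves the same review as a firewall allow rule - confirm.
    - name: Deploy whitelist
      ansible.builtin.template:
        src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
        dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
        owner: root
        group: root
        mode: '0644'
      when: crowdsec_whitelist.enabled
      notify: restart crowdsec

    - name: Enable crowdsec on boot
      ansible.builtin.service:
        name: crowdsec
        state: started
        enabled: true

    # Run any pending "restart crowdsec" notification now, so the service
    # runs with the deployed configuration before bouncers are registered.
    - name: Flush handlers to apply config
      ansible.builtin.meta: flush_handlers

    # - name: Register agent(s)
    #   ansible.builtin.include_tasks: register_agent.yml
    #   when:
    #     - crowdsec_delegate_server_hostname != inventory_hostname
    #
    - name: Register distributed bouncers(s)
      ansible.builtin.include_tasks: add_bouncer.yml
      when:
        - crowdsec_bouncer.enabled
  tags:
    - crowdsec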