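---
# Install the CrowdSec firewall bouncer (iptables backend) on Debian-family hosts.
- name: Install Debian family crowdsec bouncer (iptables)
  ansible.builtin.apt:
    name:
      - crowdsec-firewall-bouncer-iptables
    # Explicit state, matching the dnf tasks in this file; "present" is also
    # the apt module default, so behaviour is unchanged.
    state: present
  when:
    - ansible_os_family == "Debian"
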
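# The two RedHat-family tasks are a complementary pair: major version <= 7
# gets the iptables backend, anything newer gets the nftables backend.
#
# ansible_distribution_major_version is a string fact. Comparing it with the
# string '7' is lexicographic, so a two-digit major version such as "10" sorts
# before "7": the host would get the iptables package and the nftables task
# would be skipped. Casting to int makes both conditions numeric.
- name: Install RedHat family crowdsec bouncer (iptables)
  # NOTE(review): ansible.builtin.dnf needs dnf on the target; confirm it is
  # available on the <= 7 hosts this task is meant for.
  ansible.builtin.dnf:
    name:
      - crowdsec-firewall-bouncer-iptables
    state: present
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version | int <= 7

- name: Install RedHat family crowdsec bouncer (nftables)
  ansible.builtin.dnf:
    name:
      - crowdsec-firewall-bouncer-nftables
    state: present
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version | int > 7
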
# Disabled: bouncer registration and config deployment.
# NOTE(review): _csbouncer.stdout is written below as the bouncer api_key, so
# it is a secret. If these tasks are re-enabled, set `no_log: true` on both so
# the key does not end up in Ansible output or logs.
#
# - name: Register new bouncer
#   ansible.builtin.command: cscli bouncers add {{ inventory_hostname }} -o raw
#   register: _csbouncer
#   delegate_to: "{{ crowdsec_delegate_server_hostname }}"
#   changed_when: _csbouncer.stderr is not search("already exists")
#
# - name: Deploy bouncer config
#   ansible.builtin.lineinfile:
#     regex: "{{ item.regex }}"
#     line: "{{ item.line }}"
#     dest: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
#   with_items:
#     - regex: "^api_url"
#       line: "api_url: {{ crowdsec_lapi_url }}"
#     - regex: "^api_key"
#       line: "api_key: {{ _csbouncer.stdout }}"
#   when: _csbouncer.changed
#   notify: restart crowdsec-firewall-bouncer
#   loop_control:
#     label: "{{ item.regex }}"

# Start the bouncer service now and enable it at boot.
# This file does not currently write api_url/api_key into the bouncer config
# (the tasks that did are commented out), so the service runs with whatever
# configuration is already present on the host.
- name: Enable crowdsec firewall bouncer on boot
  ansible.builtin.service:
    name: crowdsec-firewall-bouncer
    enabled: true
    state: started