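---
# Install and configure the CrowdSec agent.
#
# Flow: add the vendor package repository for the host's OS family
# (Debian or RedHat), install the `crowdsec` package, render the local
# config overrides and the optional whitelist parser, start and enable
# the service, flush handlers so a pending restart is applied, then
# register bouncers when enabled.
#
# NOTE(review): block nesting below is inferred from the task names and
# the position of the `when:`/`tags:` keys; confirm against the role.
- name: Crowdsec setup
  block:
    # - name: Include vars for {{ ansible_os_family }}
    #   ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"

    - name: Debian family configuration
      block:
        - name: Install required packages
          ansible.builtin.package:
            name:
              - apt-transport-https
              - gnupg
            state: present
            update_cache: true

        # NOTE(review): apt_key is deprecated and places the key in
        # apt's global trusted keyring, so this key is then accepted
        # for every configured repository, not only CrowdSec's.
        # Prefer a dedicated keyring file referenced from the repo
        # line with `signed-by=`. The key is also fetched without a
        # pinned fingerprint (`id:`), so trust rests on TLS to
        # packagecloud.io alone.
        - name: add crowdsec apt key
          ansible.builtin.apt_key:
            url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
            state: present

        - name: add crowdsec repository
          ansible.builtin.apt_repository:
            repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release | lower }} main'
            state: present
            update_cache: true

      when:
        - ansible_os_family == "Debian"

    - name: RedHat family configuration
      block:
        # NOTE(review): keys are imported by URL only. rpm_key accepts
        # a `fingerprint:` to verify the downloaded key; add one per
        # key once the values are confirmed out of band.
        - name: Import CrowdSec RPM key
          ansible.builtin.rpm_key:
            state: present
            key: "{{ item }}"
          loop:
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg

        # gpgcheck verifies package signatures and repo_gpgcheck
        # verifies the repository metadata; keep both enabled.
        - name: Add Official crowdsec's repo
          ansible.builtin.yum_repository:
            name: crowdsec_crowdsec
            description: crowdsec_crowdsec
            baseurl: https://packagecloud.io/crowdsec/crowdsec/el/$releasever/$basearch
            enabled: true
            gpgcheck: true
            repo_gpgcheck: true
            gpgkey:
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
            metadata_expire: "300"
            file: crowdsec

      when:
        - ansible_os_family == "RedHat"

    - name: Install crowdsec
      ansible.builtin.package:
        name:
          - crowdsec
        state: present
        update_cache: true

    # Renders config.yaml.local and profiles.yaml.local.
    # NOTE(review): 0644 is world-readable; use a tighter mode if the
    # rendered files carry credentials (templates are not shown here).
    - name: Deploy main config
      ansible.builtin.template:
        src: "etc/crowdsec/{{ item }}.yaml.j2"
        dest: "/etc/crowdsec/{{ item }}.yaml.local"
        owner: root
        group: root
        # Quoted so the mode is always read as an octal string.
        mode: "0644"
      loop:
        - "config"
        - "profiles"
      notify: restart crowdsec

    # NOTE(review): presumably whitelisted sources are exempt from
    # detection; keep the rendered entries narrow and reviewed.
    - name: Deploy whitelist
      ansible.builtin.template:
        src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
        dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
        owner: root
        group: root
        mode: "0644"
      when: crowdsec_whitelist.enabled
      notify: restart crowdsec

    - name: Enable crowdsec on boot
      ansible.builtin.service:
        name: crowdsec
        state: started
        enabled: true

    # Run any pending "restart crowdsec" handler now, before the
    # bouncer registration tasks below.
    - name: Flush handlers to apply config
      ansible.builtin.meta: flush_handlers

    # - name: Register agent(s)
    #   ansible.builtin.include_tasks: register_agent.yml
    #   when:
    #     - crowdsec_delegate_server_hostname != inventory_hostname
    #
    - name: Register distributed bouncers(s)
      ansible.builtin.include_tasks: add_bouncer.yml
      when:
        - crowdsec_bouncer.enabled

  tags:
    - crowdsec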