cellinfo
/
ansible.nftables
2
0
Fork 0
Code Issues Pull Requests Releases Activity

Automatically add overrides for fail2ban unit

This commit is contained in:
Jeremy Gardais 2021-07-30 09:39:45 +02:00
parent 5001448a81
commit ac61739f91
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
3 changed files with 0 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -79,7 +79,6 @@ complexify his philosophy… (I'm pretty sure, i now did complexify it :D) ^^
* **nft_service_name**: `nftables` service name [default: `nftables`]. * **nft_service_name**: `nftables` service name [default: `nftables`].
* **nft_service_enabled**: Set `nftables` service available at startup [default: `true`]. * **nft_service_enabled**: Set `nftables` service available at startup [default: `true`].
* **nft__service_protect**: If systemd unit should protect system and home [default: `true`]. * **nft__service_protect**: If systemd unit should protect system and home [default: `true`].
* **nft__fail2ban_service**: If the Nftables service should also restart the Fail2ban service [default: `False`].
* **nft_merged_groups** : If variables from the hosts Ansible groups should be merged [default : `false`]. * **nft_merged_groups** : If variables from the hosts Ansible groups should be merged [default : `false`].
* **nft_merged_groups_dir** : The dictionary where the nftables group rules, named like the Ansible groups, are located in [default : `vars/`]. * **nft_merged_groups_dir** : The dictionary where the nftables group rules, named like the Ansible groups, are located in [default : `vars/`].
* **nft_debug** : Toggle more verbose output on/off. [default: 'false']. * **nft_debug** : Toggle more verbose output on/off. [default: 'false'].

12
defaults/main.yml
View File

@ -573,18 +573,6 @@ nft__fail2ban_service_unit_path: '/etc/systemd/system/fail2ban.service.d/overrid
# Template used to provide systemd custom conf for Fail2Ban service. # Template used to provide systemd custom conf for Fail2Ban service.
nft__fail2ban_service_unit_content: 'etc/systemd/system/fail2ban.service.d/override.conf.j2' nft__fail2ban_service_unit_content: 'etc/systemd/system/fail2ban.service.d/override.conf.j2'
# ]]] # ]]]
# .. envvar:: nft__fail2ban_service [[[
#
# If the Nftables systemd unit should also restart Fail2ban service. Possible
# options are:
#
# ``False``
# Default. Nftables service will not affect Fail2ban service.
#
# ``True``
# Any Nftables service (re)start will also restart Fail2ban service.
nft__fail2ban_service: False
# ]]]
# #
# .. envvar:: nft_debug [[[ # .. envvar:: nft_debug [[[
# #

2
tasks/main.yml
View File

@ -196,7 +196,6 @@
when: when:
- nft_enabled|bool - nft_enabled|bool
- nft_service_manage|bool - nft_service_manage|bool
- nft__fail2ban_service|bool
- name: Install Debian Fail2Ban custom service - name: Install Debian Fail2Ban custom service
template: template:
@ -209,5 +208,4 @@
when: when:
- nft_enabled|bool - nft_enabled|bool
- nft_service_manage|bool - nft_service_manage|bool
- nft__fail2ban_service|bool
notify: ['Restart nftables service'] notify: ['Restart nftables service']