Add fail2ban and firewall

DO1JLR · Dec 31, 2020 · 5d87247 · 5d87247
1 parent 1505e8b
commit 5d87247
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 1 deletion.
diff --git a/.gitmodules b/.gitmodules
@@ -34,3 +34,9 @@
 [submodule "roles/goaccess"]
 	path = roles/goaccess
 	url = https://github.com/roles-ansible/ansible_role_goaccess.git
+[submodule "roles/geerlingguy.firewall"]
+	path = roles/geerlingguy.firewall
+	url = https://github.com/geerlingguy/ansible-role-firewall.git
+[submodule "roles/robertdebock.fail2ban"]
+	path = roles/robertdebock.fail2ban
+	url = https://github.com/robertdebock/ansible-role-fail2ban.git
diff --git a/host_vars/web01.l3d.space.yml b/host_vars/web01.l3d.space.yml
@@ -32,5 +32,12 @@ nginx_sites:
   - name: 'c3woc.cn'
   - name: 'www.c3woc.cn'
 
-
 acme_notification_email: "acme_{{ inventory_hostname }}@l3d.yt"
+
+# firewall
+firewall_allowed_tcp_ports:
+  - "22"
+  - "25"
+  - "80"
+  - "443"
+fail2ban_destemail: "fail2ban_notify_{{ inventory_hostname }}@l3d.yt"
diff --git a/roles/geerlingguy.firewall b/roles/geerlingguy.firewall
diff --git a/roles/robertdebock.fail2ban b/roles/robertdebock.fail2ban
diff --git a/site.yml b/site.yml
@@ -14,6 +14,8 @@
     - { role: dotfiles, tags: [default,dotfiles]}
     - { role: ssh_auth, tags: [default,users]}
     - { role: sshd, tags: [default,users]}
+    - { role: geerlingguy.firewall, tags: [default,firewall], become: true}
+    - { role: robertdebock.fail2ban, tags: [default,fail2ban], become: true}
 
 - name: deploy web config
   hosts: web