Jose
bc91383094
This commit updates the Fail2ban configuration to reduce bantime and findtime, and adds/fixes restart/reload tasks in handlers/main.yml. These changes aim to improve security and manageability of the fail2ban service.
52 lines
1003 B
YAML
52 lines
1003 B
YAML
---
|
|
# ansible_role_proxmox_provision/handlers/main.yml
|
|
# Handlers for role
|
|
# ==================
|
|
- name: Run apt update
|
|
ansible.builtin.apt:
|
|
update_cache: yes
|
|
|
|
- name: Restart pveproxy
|
|
ansible.builtin.systemd:
|
|
name: pveproxy
|
|
state: restarted
|
|
|
|
- name: Restart logrotate
|
|
ansible.builtin.service:
|
|
name: logrotate
|
|
state: restarted
|
|
become: true
|
|
|
|
- name: Restart log2ram
|
|
ansible.builtin.systemd:
|
|
name: log2ram
|
|
state: restarted
|
|
enabled: yes
|
|
|
|
- name: Restart journald
|
|
ansible.builtin.systemd:
|
|
name: systemd-journald
|
|
state: restarted
|
|
|
|
- name: Reload systemd
|
|
ansible.builtin.systemd:
|
|
daemon_reload: true
|
|
|
|
- name: Reload fail2ban
|
|
ansible.builtin.systemd:
|
|
name: fail2ban
|
|
state: reloaded
|
|
enabled: true
|
|
|
|
- name: Restart fail2ban
|
|
ansible.builtin.systemd:
|
|
name: fail2ban
|
|
state: restarted
|
|
enabled: true
|
|
|
|
|
|
- name: Reload pve firewall
|
|
ansible.builtin.command: pve-firewall reload
|
|
when: fw_compile_check.rc == 0
|
|
changed_when: false
|