Changes made to the script to have allowipv6 set to yes within a [Definition] file.

21d2e40a · Nicolas Baudoin · 082740ee · 21d2e40a
Commit 21d2e40a authored 1 year ago by Nicolas Baudoin
--- a/tasks/config_fail2ban.yml
+++ b/tasks/config_fail2ban.yml
@@ -22,12 +22,14 @@

 # There was an error message with the restart of fail2ban on Alpine systems without that change.
 # Also, it makes sure ipv6 is being analysed.
- name: Ensure allowipv6 with value yes line is present
-  lineinfile:
+- name: Ensure [Definition] section and allowipv6 are present
+  blockinfile:
    path: /etc/fail2ban/fail2ban.conf
-    regexp: '^\[Definition\]'
-    insertbefore: '^\[Thread\]'
-    line: 'allowipv6 = yes'
+    block: |
+      [Definition]
+      allowipv6 = yes
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+  when: "'[Definition]' not in lookup('file', '/etc/fail2ban/fail2ban.conf') or 'allowipv6 =' not in lookup('file', '/etc/fail2ban/fail2ban.conf')"

 # Updating fail2ban to be able to work with the way our nftables work
 - name: Deploy custom nftables action for Fail2Ban