Nicolas Baudoin · 7fff4b84 · 21d2e40a · 082740ee · 85bbca54 · 7fff4b84
--- a/tasks/config_fail2ban.yml

+ 14

− 3
+++ b/tasks/config_fail2ban.yml

+ 14

− 3
 @@ -22,12 +22,23 @@

 # There was an error message with the restart of fail2ban on Alpine systems without that change.
 # Also, it makes sure ipv6 is being analysed.
- name: Ensure allowipv6 with value yes line is present
+# Added also this part to remove duplicates of either parts of the block
+- name: Remove duplicate [Definition] or allowipv6 = yes lines
  lineinfile:
    path: /etc/fail2ban/fail2ban.conf
-    regexp: '^\[Definition\]'
+    regexp: '^\[Definition\]|^allowipv6 = yes$'
+    state: absent
+
+- name: Ensure [Definition] section with allowipv6 = yes is present with an extra empty line below [Thread]
+  blockinfile:
+    path: /etc/fail2ban/fail2ban.conf
+    block: |
+      [Definition]
+
+      allowipv6 = yes
+      
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
    insertbefore: '^\[Thread\]'
-    line: 'allowipv6 = yes'

 # Updating fail2ban to be able to work with the way our nftables work
 - name: Deploy custom nftables action for Fail2Ban