40 lines
1.1 KiB
Terraform
40 lines
1.1 KiB
Terraform
|
# you must prefixe path with "${path.module}/"
|
||
|
resource "null_resource" "fail2ban" {
|
||
|
# triggers = {
|
||
|
# source = filesha256("${path.module}/script")
|
||
|
# }
|
||
|
connection {
|
||
|
type = "ssh"
|
||
|
user = "root"
|
||
|
host = var.connection_ip
|
||
|
private_key = var.connection_private_key
|
||
|
}
|
||
|
|
||
|
# provisioner "file" {
|
||
|
# source = "${path.module}/script"
|
||
|
# destination = "/tmp"
|
||
|
# }
|
||
|
|
||
|
provisioner "remote-exec" {
|
||
|
inline = [
|
||
|
"echo '#-----------------------'",
|
||
|
"echo '# module alpine_fail2ban'",
|
||
|
"echo '#-----------------------'",
|
||
|
"echo '# install fail2ban'",
|
||
|
"apk add fail2ban",
|
||
|
#
|
||
|
"echo '# enable service fail2ban'",
|
||
|
"rc-update add fail2ban",
|
||
|
"rc-service fail2ban start",
|
||
|
#
|
||
|
"echo '# install helpers'",
|
||
|
"ln -s /etc/fail2ban /root/fail2ban",
|
||
|
"ln -s 'fail2ban-client status' /etc/fail2ban/0_status",
|
||
|
"ln -s 'fail2ban-client set sshd unbanip x.x.x.x' /etc/fail2ban/1_unban",
|
||
|
"ln -s 'fail2ban-client reload sshd' /etc/fail2ban/2_reload",
|
||
|
"echo '# module DONE'",
|
||
|
]
|
||
|
}
|
||
|
|
||
|
}
|