ansible-personal/roles/common/tasks/fail2ban.yml

---

- name: Configure fail2ban sshd filter
  template: src=etc/fail2ban/jail.d/sshd.local.j2 dest=/etc/fail2ban/jail.d/sshd.local owner=root mode=0644
  notify: restart fail2ban

- name: Create fail2ban service override directory
  file: path=/etc/systemd/system/fail2ban.service.d state=directory owner=root mode=0755

# See Arch Linux's example: https://wiki.archlinux.org/index.php/Fail2ban
- name: Configure fail2ban service override
  template: src=etc/systemd/system/fail2ban.service.d/override.conf.j2 dest=/etc/systemd/system/fail2ban.service.d/override.conf owner=root mode=0644
  notify:
    - reload systemd
    - restart fail2ban

- name: Enable fail2ban service
  systemd: name=fail2ban enabled=yes

# vim: set sw=2 ts=2: