---

- name: Install required packages
  apt:
    state: present
    name:
      - fail2ban # base package
      # Recommended for fail2ban:
      - iptables # blocking using native firewall
      - python3-pyinotify # watch files natively
      - python3-systemd # view journals of systemd
    install_recommends: no

- name: Configure fail2ban
  template:
    src: fail2ban.conf
    dest: "{{ global_fail2ban_configuration_directory }}/0_main.local"
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: reload fail2ban

- name: Configure sshd jail
  template:
    src: sshd.jail.conf
    dest: "{{ global_fail2ban_jails_directory }}/sshd.local"
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: reload fail2ban