sukaato-ansible/roles/bootstrap/handlers/fail2ban.yml

---
- name: Check if path to fail2ban configuration files exists
  stat:
    path: /etc/fail2ban/jail.d
  register: fail2path
- name: Check if path to systemd fail2ban service configuration files exists
  stat:
    path: /etc/systemd/system/fail2ban.service.d
  register: fail2serve_path
- name: Create relevant fail2ban configuration directory
  become: yes
  become_method: sudo
  file:
    path: /etc/fail2ban/jail.d
    state: directory
  register: fail2bandir_created
  when: not fail2path.stat.exists
- name: Create relevant fail2ban configuration directory
  become: yes
  become_method: sudo
  file:
    path: /etc/systemd/system/fail2ban.service.d
    state: directory
  register: fail2servdir_created
  when: not fail2serve_path.stat.exists
- name: Copy protftpd jail file
  become: yes
  become_method: sudo
  copy:
    src: ftp.local
    dest: /etc/fail2ban/jail.d/ftp.local
    force: yes
    backup: yes
  when: fail2path.stat.exists
- name: Copy sshd jail file
  become: yes
  become_method: sudo
  copy:
    src: sshd.local
    dest: /etc/fail2ban/jail.d/sshd.local
    force: yes
    backup: yes
  when: fail2path.stat.exists
- name: Copy fail2ban modified service configuration
  become: yes
  become_method: sudo
  copy:
    src: override.conf
    dest: /etc/systemd/system/fail2ban.service.d/sshd.local
    force: yes
    backup: yes
  when: fail2serve_path.stat.exists
- name: Reload fail2ban service
  become: yes
  become_method: sudo
  service:
    name: fail2ban
    state: reloaded
  register: fail2ban_reloaded
- name: Start and enable fail2ban service
  become: yes
  become_method: sudo
  service:
    name: fail2ban
    state: started
    enabled: yes
  register: fail2ban_running
  when: fail2ban_reloaded
- name: Restart fail2ban service
  become: yes
  become_method: sudo
  service:
    name: fail2ban
    state: restarted
  register: fail2ban_restarted
  when: fail2ban_reloaded