- name: "fail2ban : install fail2ban"
  ansible.builtin.apt:
    name: "fail2ban"

- name: "fail2ban : configure fail2ban"
  ansible.builtin.template:
    src: "./fail2ban/jail.local.j2"
    dest: "/etc/fail2ban/jail.local"
    mode: 0644
  register: fail2ban_conf

- name: "fail2ban : configure fail2ban sshd jail"
  ansible.builtin.template:
    src: "./fail2ban/jail.d/sshd.local.j2"
    dest: "/etc/fail2ban/jail.d/sshd.local"
    mode: 0644
  register: fail2ban_sshd_jail

- name: "fail2ban : enable fail2ban"
  ansible.builtin.systemd:
    name: "fail2ban"
    enabled: true

- name: "fail2ban : start fail2ban"
  ansible.builtin.systemd:
    name: "fail2ban"
    state: "started"
  register: fail2ban_start

- name: "fail2ban : restart fail2ban"
  ansible.builtin.systemd:
    name: "fail2ban"
    state: "restarted"
  when:
    (fail2ban_conf.changed or
    fail2ban_sshd_jail.changed) and
    not fail2ban_start.changed