---
# tasks file for fail2ban
- name: include assert.yml
  include_tasks: assert.yml

- name: install fail2ban
  package:
    name: "{{ fail2ban_packages }}"
    state: present

- name: configure fail2ban.conf
  ini_file:
    path: /etc/fail2ban/fail2ban.conf
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    mode: "0640"
  loop: "{{ fail2ban_base_configuration + fail2ban_configuration }}"
  notify:
    - restart fail2ban
  loop_control:
    label: "{{ item.option }}"

- name: configure jail.local
  ini_file:
    path: /etc/fail2ban/jail.local
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    mode: "0640"
  loop: "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
  notify:
    - restart fail2ban
  loop_control:
    label: "{{ item.option }}"

- name: stat auth log file
  stat:
    path: /var/log/auth.log
  register: fail2ban_auth

- name: touch auth log file
  file:
    path: /var/log/auth.log
    state: touch
    mode: "0640"
  when:
    - fail2ban_auth.stat.exists is defined
    - not fail2ban_auth.stat.exists

- name: start and enable fail2ban
  service:
    name: "{{ fail2ban_service }}"
    state: started
    enabled: yes