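---
# tasks file for fail2ban

# Install the fail2ban package(s) named in fail2ban_packages. The install is
# retried up to 3 times until the module reports success.
- name: install fail2ban
  package:
    name: "{{ fail2ban_packages }}"
    state: present
  register: fail2ban_install_fail2ban
  until: fail2ban_install_fail2ban is succeeded
  retries: 3

# Write each section/option/value triple from the role's base settings plus
# the caller's overrides into the daemon configuration file.
- name: configure fail2ban.conf
  ini_file:
    path: /etc/fail2ban/fail2ban.conf
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    # Pin the mode so the file never ends up group- or world-writable: the
    # fail2ban daemon acts on this configuration.
    mode: "0644"
  with_items:
    - "{{ fail2ban_base_configuration + fail2ban_configuration }}"
  notify:
    - restart fail2ban
  loop_control:
    # Show only the option name per iteration instead of the whole item.
    label: "{{ item.option }}"

# Same pattern for the jail definitions.
# NOTE(review): fail2ban's own documentation recommends putting local
# changes in jail.local (or jail.d/*.conf), because jail.conf belongs to the
# package and can be replaced on upgrade, which would silently drop these
# settings until the next play. Confirm the target path before changing it.
- name: configure jail.conf
  ini_file:
    path: /etc/fail2ban/jail.conf
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    # Jail files define the ban actions fail2ban executes; keep them
    # writable by the owner only.
    mode: "0644"
  with_items:
    - "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
  notify:
    - restart fail2ban
  loop_control:
    label: "{{ item.option }}"

# Check whether the authentication log is present before creating it.
- name: stat auth log file
  stat:
    path: /var/log/auth.log
  register: auth

# Create an empty auth log only when the stat above reports it missing,
# presumably so jails that read this file have something to open.
- name: touch auth log file
  file:
    path: /var/log/auth.log
    state: touch
    # Authentication logs record account names and source addresses, so do
    # not leave the new file world-readable. Owner and group are left at
    # their defaults.
    # NOTE(review): align owner/group with the account the host's syslog
    # daemon writes as, otherwise it may be unable to append to this file.
    mode: "0640"
  when: auth.stat.exists is defined and not auth.stat.exists

# Start the service now and enable it at boot.
- name: start and enable fail2ban
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - "{{ fail2ban_service }}"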