linderhof/roles/fail2ban/tasks/main.yml

- name: Ensure fail2ban directories exist
  file:
    path: "/etc/fail2ban/{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - ""
    - jail.d
    - filter.d

- name: Remove obsolete grafana fail2ban configs
  file:
    path: "/etc/fail2ban/{{ item }}"
    state: absent
  loop:
    - jail.d/grafana.conf
    - filter.d/grafana-auth.conf
  notify: Reload fail2ban

- name: Deploy fail2ban jail.local
  template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    mode: '0644'
  notify: Reload fail2ban

- name: Copy fail2ban jail and filter configs
  copy:
    src: "{{ item }}"
    dest: "/etc/fail2ban/{{ item | regex_replace('^.*/files/', '') }}"
    mode: '0644'
  with_fileglob:
    - "{{ role_path }}/files/jail.d/*"
    - "{{ role_path }}/files/filter.d/*"
  notify: Reload fail2ban
initial commit Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-27 15:09:25 -07:00			`- name: Ensure fail2ban directories exist`
			`file:`
			`path: "/etc/fail2ban/{{ item }}"`
			`state: directory`
			`mode: '0755'`
			`loop:`
			`- ""`
			`- jail.d`
			`- filter.d`

			`- name: Remove obsolete grafana fail2ban configs`
			`file:`
			`path: "/etc/fail2ban/{{ item }}"`
			`state: absent`
			`loop:`
			`- jail.d/grafana.conf`
			`- filter.d/grafana-auth.conf`
			`notify: Reload fail2ban`

			`- name: Deploy fail2ban jail.local`
			`template:`
			`src: jail.local.j2`
			`dest: /etc/fail2ban/jail.local`
			`mode: '0644'`
			`notify: Reload fail2ban`

			`- name: Copy fail2ban jail and filter configs`
			`copy:`
			`src: "{{ item }}"`
			`dest: "/etc/fail2ban/{{ item \| regex_replace('^.*/files/', '') }}"`
			`mode: '0644'`
			`with_fileglob:`
			`- "{{ role_path }}/files/jail.d/*"`
			`- "{{ role_path }}/files/filter.d/*"`
			`notify: Reload fail2ban`