- name: Ensure fail2ban directories exist
  file:
    path: "/etc/fail2ban/{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - ""
    - jail.d
    - filter.d

- name: Remove obsolete grafana fail2ban configs
  file:
    path: "/etc/fail2ban/{{ item }}"
    state: absent
  loop:
    - jail.d/grafana.conf
    - filter.d/grafana-auth.conf
  notify: Reload fail2ban

- name: Deploy fail2ban jail.local
  template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    mode: '0644'
  notify: Reload fail2ban

- name: Copy fail2ban jail and filter configs
  copy:
    src: "{{ item }}"
    dest: "/etc/fail2ban/{{ item | regex_replace('^.*/files/', '') }}"
    mode: '0644'
  with_fileglob:
    - "{{ role_path }}/files/jail.d/*"
    - "{{ role_path }}/files/filter.d/*"
  notify: Reload fail2ban