From 1f22db68e1787b5a322c652f7134899f1332e37f Mon Sep 17 00:00:00 2001
From: Julian Rother
Date: Wed, 15 Jan 2025 19:46:51 +0100
Subject: [PATCH] Initial commit
---
defaults/main.yml | 8 ++++++++
handlers/main.yml | 4 ++++
tasks/main.yml | 30 ++++++++++++++++++++++++++++++
templates/fail2ban.local.j2 | 6 ++++++
templates/jail.local.j2 | 6 ++++++
5 files changed, 54 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/fail2ban.local.j2
create mode 100644 templates/jail.local.j2
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..95390ef
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,8 @@
+fail2ban_config:
+ DEFAULT:
+ logtarget: SYSLOG
+
+fail2ban_jail:
+ DEFAULT:
+ banaction: nftables-multiport
+ banaction_allports: nftables-allports
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..df4b7c8
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart fail2ban
+ ansible.builtin.systemd_service:
+ name: fail2ban
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..ec40cf7
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Install fail2ban
+ ansible.builtin.apt:
+ pkg: fail2ban
+
+- name: Copy fail2ban config
+ ansible.builtin.template:
+ src: fail2ban.local.j2
+ dest: /etc/fail2ban/fail2ban.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: Restart fail2ban
+
+- name: Copy jail config
+ ansible.builtin.template:
+ src: jail.local.j2
+ dest: /etc/fail2ban/jail.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: Restart fail2ban
+
+- name: Clear debian default jail config
+ ansible.builtin.copy:
+ content: ''
+ dest: /etc/fail2ban/jail.d/defaults-debian.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: Restart fail2ban
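Review bot: In defaults/main.yml, `fail2ban_jail` keeps the nftables ban actions in the same mapping a consumer must override to enable any jail, and Ansible replaces dict variables wholesale by default instead of merging them. A host that sets `fail2ban_jail` to add, say, an `sshd` section would silently lose `banaction: nftables-multiport` and fall back to whatever the packaged jail.conf uses, which may not match the host firewall. Either document this above the variable, e.g. `# Overriding fail2ban_jail replaces the whole mapping; repeat the DEFAULT section when adding jails`, or keep the role's baseline in a separate variable and merge it in the template with `combine(fail2ban_jail, recursive=true)`. The same applies to `fail2ban_config`.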
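Review bot: The last task in tasks/main.yml truncates `/etc/fail2ban/jail.d/defaults-debian.conf`, which on Debian is normally the drop-in that enables the sshd jail, while the role's default `fail2ban_jail` has only a `DEFAULT` section and enables nothing. Applied with defaults, the role would probably leave fail2ban running with no active jail, which is less protection than the stock package gives; consider shipping an enabled `sshd` section in the defaults or asserting that at least one section sets `enabled`. A comment on the task such as `# Debian's drop-in enables sshd; after this, jails come only from fail2ban_jail` would make the intent explicit. Separately, `mode: 0644` is better written `mode: '0644'` in all three tasks so the value does not depend on YAML octal parsing.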
diff --git a/templates/fail2ban.local.j2 b/templates/fail2ban.local.j2
new file mode 100644
index 0000000..e2b7595
--- /dev/null
+++ b/templates/fail2ban.local.j2
@@ -0,0 +1,6 @@
+{% for section, settings in fail2ban_config.items() %}
+[{{ section }}]
+{% for key, value in settings.items() %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endfor %}
diff --git a/templates/jail.local.j2 b/templates/jail.local.j2
new file mode 100644
index 0000000..81e788a
--- /dev/null
+++ b/templates/jail.local.j2
@@ -0,0 +1,6 @@
+{% for section, settings in fail2ban_jail.items() %}
+[{{ section }}]
+{% for key, value in settings.items() %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endfor %}
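Review bot: `{{ key }} = {{ value }}` in templates/fail2ban.local.j2 (and the identical loop in templates/jail.local.j2) writes the variable's raw representation, so a YAML list such as an `ignoreip` list would render as `['a', 'b']` and a multi-line string would produce unindented continuation lines that the INI parser may read as new keys. Because these files decide what is banned and what is exempt, a mis-rendered value should not pass silently; either state in the role docs that values must be single-line scalars, or normalise lists with something like `{{ value | join(' ') if value is not string and value is iterable else value }}`. A first line of `# {{ ansible_managed }}` in both templates would also tell an administrator that local edits will be overwritten.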