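---
# Installs fail2ban, deploys a local jail override for SSH, and enables the
# service at boot.

# Install the fail2ban package with apt.
- name: Install fail2ban
  apt:
    name: fail2ban
    state: present

# Render the SSH jail settings into jail.local.
# jail.local overrides individual settings from jail.conf but does not replace
# the file, so the template only has to carry the SSH-specific values (port
# and log file).
# NOTE(review): jail.local.j2 is not shown here - confirm that the port and
# log path it sets match the sshd configuration of the target hosts.
- name: Enable fail2ban for SSH
  template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    # Keep the file writable by root only: the fail2ban configuration selects
    # the ban actions that the daemon (typically running as root) executes.
    owner: root
    group: root
    # Quoted so the mode does not depend on how the YAML parser reads a
    # leading-zero integer (octal in YAML 1.1, not in YAML 1.2).
    mode: "0644"
  # The handler is not visible in this task list; this name has to match
  # its definition exactly.
  notify: Restarts fail2ban

# `enabled: true` only registers the service to start at boot; this task does
# not assert that the daemon is running now.
# NOTE(review): consider adding `state: started` if the play targets live
# hosts rather than image builds - confirm against how this role is used.
- name: Enable fail2ban
  service:
    name: fail2ban
    enabled: true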