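---
# Debian-family tasks for fail2ban: install the package, keep the service
# running, deploy the jail and optional web-server filter configuration, or
# remove the package when the role is disabled.
#
# Every install/configure task is gated on `fail2ban_enabled` and the removal
# task on its negation, so a run takes exactly one of the two paths. Without
# that gate a host with `fail2ban_enabled: false` would get the package
# installed, started and configured, then removed again in the same run,
# leaving a queued "Restart fail2ban" handler pointing at a removed service.
#
# NOTE(review): the conditions are bare variables, so `fail2ban_enabled`,
# `f2b_apache_ddos_enabled` and `f2b_nginx_ddos_enabled` are assumed to be
# real booleans (not the strings "true"/"false") - confirm in the role
# defaults. The "Restart fail2ban" handler and `f2b_packages_deb` are defined
# outside this file.

- name: fail2ban_deb | Install fail2ban packages
  ansible.builtin.apt:
    pkg: "{{ f2b_packages_deb }}"
    state: present
    # Reuse the apt cache if it was refreshed within the last 30 minutes.
    cache_valid_time: 1800
  when: fail2ban_enabled
  tags:
    - fail2ban

- name: fail2ban_deb | Ensure that fail2ban is enabled and running
  ansible.builtin.service:
    name: fail2ban
    state: started
    enabled: true
  when: fail2ban_enabled
  tags:
    - fail2ban

# Configuration files are owned by root and read-only, so an unprivileged
# local account cannot edit ban rules or allowlists. The mode is quoted so
# YAML does not parse it as an integer.
# NOTE(review): "0444" also makes the files world-readable; if the jail
# template ever carries mail credentials or sensitive allowlists, a tighter
# mode may be preferable - confirm against the template contents.
- name: fail2ban_deb | Install the fail2ban custom jail file
  ansible.builtin.template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: "0444"
  when: fail2ban_enabled
  notify: Restart fail2ban
  tags:
    - fail2ban

# Apache filter and jail are deployed only when both the role and the
# Apache rule set are enabled (list items under `when` are ANDed).
- name: fail2ban_deb | Install the fail2ban apache ddos filter
  ansible.builtin.template:
    src: apache-ddos-filter.conf.j2
    dest: /etc/fail2ban/filter.d/apache-ddos-filter.conf
    owner: root
    group: root
    mode: "0444"
  when:
    - fail2ban_enabled
    - f2b_apache_ddos_enabled
  notify: Restart fail2ban
  tags:
    - fail2ban
    - f2b_apache_ddos

- name: fail2ban_deb | Install the fail2ban apache ddos rule
  ansible.builtin.template:
    src: apache-ddos-jail.conf.j2
    dest: /etc/fail2ban/jail.d/apache-ddos-jail.conf
    owner: root
    group: root
    mode: "0444"
  when:
    - fail2ban_enabled
    - f2b_apache_ddos_enabled
  notify: Restart fail2ban
  tags:
    - fail2ban
    - f2b_apache_ddos

# Nginx filter and jail follow the same pattern as the Apache pair.
- name: fail2ban_deb | Install the fail2ban nginx ddos filter
  ansible.builtin.template:
    src: nginx-ddos-filter.conf.j2
    dest: /etc/fail2ban/filter.d/nginx-ddos-filter.conf
    owner: root
    group: root
    mode: "0444"
  when:
    - fail2ban_enabled
    - f2b_nginx_ddos_enabled
  notify: Restart fail2ban
  tags:
    - fail2ban
    - f2b_nginx_ddos

- name: fail2ban_deb | Install the fail2ban nginx ddos rule
  ansible.builtin.template:
    src: nginx-ddos-jail.conf.j2
    dest: /etc/fail2ban/jail.d/nginx-ddos-jail.conf
    owner: root
    group: root
    mode: "0444"
  when:
    - fail2ban_enabled
    - f2b_nginx_ddos_enabled
  notify: Restart fail2ban
  tags:
    - fail2ban
    - f2b_nginx_ddos

# Removal path. `state: absent` without `purge` removes the package only;
# configuration files deployed by an earlier enabled run are not deleted by
# this task.
- name: fail2ban_deb | Uninstall fail2ban when not enabled
  ansible.builtin.apt:
    pkg: fail2ban
    state: absent
  when: not fail2ban_enabled
  tags:
    - fail2ban
    - uninstall_fail2ban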