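---
# Install fail2ban, write its configuration and make sure the service runs.
#
# Every task that changes configuration notifies the "Restart fail2ban"
# handler, which is expected to be defined in the role's handlers (not
# visible in this file).

# NOTE(review): `state: latest` upgrades the packages on every run. That keeps
# security fixes flowing, but makes runs non-reproducible; switch to `present`
# if package versions are managed elsewhere.
- name: Install fail2ban and dependencies
  ansible.builtin.package:
    # The whole list is passed at once so the package manager resolves it in
    # a single transaction instead of one call per item.
    name: "{{ fail2ban_dependencies }}"
    state: latest

# File modes are quoted so YAML never re-types them as integers.
- name: Configure fail2ban.local
  community.general.ini_file:
    path: /etc/fail2ban/fail2ban.local
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ fail2ban_base_configuration + fail2ban_configuration }}"
  loop_control:
    label: "{{ item.option }}"
  notify: Restart fail2ban

- name: Configure jail.local
  community.general.ini_file:
    path: /etc/fail2ban/jail.local
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
  loop_control:
    label: "{{ item.option }}"
  notify: Restart fail2ban

- name: Configure Debian default jail config
  community.general.ini_file:
    path: /etc/fail2ban/jail.d/defaults-debian.conf
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ fail2ban_default_debian_jail_configuration }}"
  loop_control:
    label: "{{ item.option }}"
  notify: Restart fail2ban
  when: ansible_facts['distribution'] == 'Debian'

# Fixed: this task used community.general.ini_file with src/dest, which are
# not ini_file parameters. It copies whole files, like the two tasks below,
# so it uses ansible.builtin.copy.
- name: Copy filter configs
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/fail2ban/filter.d/
    owner: root
    group: root
    mode: "0644"
  with_fileglob:
    - "{{ fail2ban_filters_path }}/*"
  when: fail2ban_filters_path is defined
  notify: Restart fail2ban

# NOTE(review): action files are installed world-readable. If any action
# embeds credentials (API tokens, SMTP passwords), tighten the mode for it.
- name: Copy action configs
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/fail2ban/action.d/
    owner: root
    group: root
    mode: "0644"
  with_fileglob:
    - "{{ fail2ban_actions_path }}/*"
  when: fail2ban_actions_path is defined
  notify: Restart fail2ban

- name: Copy jail configs
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/fail2ban/jail.d/
    owner: root
    group: root
    mode: "0644"
  with_fileglob:
    - "{{ fail2ban_jails_path }}/*"
  when: fail2ban_jails_path is defined
  notify: Restart fail2ban

# NOTE(review): jail.name is interpolated into the destination path, so it
# must be a plain file name without path separators. Validate it if
# fail2ban_jails can come from a less trusted inventory source.
- name: Create jail configs
  ansible.builtin.template:
    src: jail.local.j2
    dest: "/etc/fail2ban/jail.d/{{ jail.name }}.local"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ fail2ban_jails }}"
  loop_control:
    label: "{{ jail.name }}"
    loop_var: jail
  # Explicit boolean test instead of relying on the truthiness of the list.
  when: fail2ban_jails | length > 0
  notify: Restart fail2ban

# Fully qualified module name, consistent with the other tasks.
- name: Start and enable service
  ansible.builtin.systemd:
    name: fail2ban
    state: started
    enabled: true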