---
- name: Install fail2ban filter
  become: true
  ansible.builtin.template:
    src: fail2ban/filter.conf.j2
    dest: /etc/fail2ban/filter.d/gitea.local
    owner: root
    group: root
    mode: "0444"
  notify: "Restart fail2ban"
  when: "'fail2ban' in ansible_facts.packages"

- name: Install fail2ban jail for logins over HTTP(S)
  become: true
  vars:
    gitea_fail2ban_filter: gitea
    gitea_fail2ban_port: "http,https,{{ gitea_ssh_port }}"
    gitea_fail2ban_jail_name: gitea-docker
  ansible.builtin.template:
    src: fail2ban/jail.conf.j2
    dest: /etc/fail2ban/jail.d/gitea.local
    owner: root
    group: root
    mode: "0444"
  notify: "Restart fail2ban"
  when: "'fail2ban' in ansible_facts.packages"

- name: Warn if fail2ban is not installed
  ansible.builtin.fail:
    msg: "the package fail2ban is not installed. no fail2ban filters deployed."
  when: "'fail2ban' not in ansible_facts.packages"
  failed_when: false