Add a script for configuring fail2ban.

diff --git a/server/fail2ban.yaml b/server/fail2ban.yaml
new file mode 100644 (file)
index 0000000..4295c03
--- /dev/null
+++ b/server/fail2ban.yaml
@@ -0,0 +1,34 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- name: Checkout configuration
+  command: |
+    git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main --force \
+      fail2ban/*
+  become: yes
+- name: Install fail2ban
+  package:
+    name:
+      - fail2ban
+    state: latest
+  become: yes
+- name: Ensure fail2ban directory structure exists
+  file:
+    path: "/etc/fail2ban"
+    state: directory
+  become: yes
+- name: Copy to /etc/fail2ban
+  copy:
+    src: "/tmp/fail2ban/{{ item }}"
+    dest: "/etc/fail2ban"
+    remote_src: true
+  become: true
+  with_items:
+    - fail2ban.local
+    - jail.local
+    - paths-common.conf
+- name: Restart fail2ban
+  service:
+    name: fail2ban
+    state: restarted
+  become: yes