From 68468511f885c22ba4ba85f4eb823e3b9ea9bb92 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Wed, 27 Sep 2023 22:38:08 +0200
Subject: [PATCH] Add a script for configuring fail2ban.

---
 server/fail2ban.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 server/fail2ban.yaml

diff --git a/server/fail2ban.yaml b/server/fail2ban.yaml
new file mode 100644
index 0000000..4295c03
--- /dev/null
+++ b/server/fail2ban.yaml
@@ -0,0 +1,34 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- name: Checkout configuration
+  command: |
+    git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main --force \
+      fail2ban/*
+  become: yes
+- name: Install fail2ban
+  package:
+    name:
+      - fail2ban
+    state: latest
+  become: yes
+- name: Ensure fail2ban directory structure exists
+  file:
+    path: "/etc/fail2ban"
+    state: directory
+  become: yes
+- name: Copy to /etc/fail2ban
+  copy:
+    src: "/tmp/fail2ban/{{ item }}"
+    dest: "/etc/fail2ban"
+    remote_src: true
+  become: true
+  with_items:
+    - fail2ban.local
+    - jail.local
+    - paths-common.conf
+- name: Restart fail2ban
+  service:
+    name: fail2ban
+    state: restarted
+  become: yes
-- 
2.39.5