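# Play: install fail2ban and provision a dedicated, key-only account
# (fail2forward) whose SSH key is pinned to a single forced command.
# NOTE(review): the contents of fail2forward.j2 and jail.local.j2 are not
# visible here; both are rendered as templates, so review them for how they
# treat any input that arrives over the SSH session (SSH_ORIGINAL_COMMAND,
# stdin) before relying on the forced command as a boundary.
- name: Fail2ban-ingress
  hosts: animeistrash
  become: true
  tasks:
    - name: Install fail2ban
      ansible.builtin.apt:
        name: fail2ban
        state: present

    - name: Create user
      ansible.builtin.user:
        name: fail2forward
        create_home: true

    # Was '0655': the owner had no search (x) bit on its own directory while
    # group and other could list it. sshd opens authorized_keys with the
    # account's own uid, so the owner must be able to traverse the directory,
    # and nobody else needs access to it.
    - name: Create .ssh
      ansible.builtin.file:
        path: /home/fail2forward/.ssh
        owner: fail2forward
        group: fail2forward
        state: directory
        mode: '0700'

    # The key options pin this key to one command and disable pty, agent,
    # X11 and port forwarding ('restrict' already implies the no-* options;
    # they are kept as written). The public key is read from the control
    # node by the file lookup. The folded scalar joins the two lines with a
    # single space and emits no trailing newline, as the original did.
    # Mode tightened from '0644' to '0600': only the account itself needs to
    # read this file.
    - name: Create authorized_keys
      ansible.builtin.copy:
        content: >-
          command="/usr/local/bin/fail2forward",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,restrict
          {{ lookup('ansible.builtin.file', '../fail2ban/fail2forward_id_rsa.pub') }}
        owner: fail2forward
        group: fail2forward
        dest: /home/fail2forward/.ssh/authorized_keys
        mode: '0600'

    # root-owned and not writable by others, so the fail2forward account can
    # execute the forced command but cannot replace it.
    - name: Copy fail2forward script
      ansible.builtin.template:
        src: fail2forward.j2
        dest: /usr/local/bin/fail2forward
        owner: root
        group: root
        mode: '0755'

    - name: Copy jail.local
      ansible.builtin.template:
        src: jail.local.j2
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: '0644'

    # Runs on every play, whether or not jail.local changed.
    # NOTE(review): a restart presumably clears in-memory ban state unless
    # fail2ban persists it; consider a handler notified by the jail.local
    # task if that matters here.
    - name: Restart fail2ban
      ansible.builtin.service:
        name: fail2ban
        state: restarted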