- name: Setup Fail2ban
  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
  block:
    - name: Install fail2ban packages
      ansible.builtin.apt:
        name:
          - fail2ban
          - sendmail
  # add line  to /etc/hosts
  # 127.0.0.1 m-server localhost....
    - name: Copy files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: /etc/fail2ban/jail.d/
        mode: '0700'
        owner: root
        group: root
      with_fileglob:
        - "jail.d/*.conf"

    - name: Copy files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: /etc/fail2ban/filter.d/
        mode: '0700'
        owner: root
        group: root
      with_fileglob:
        - "filter.d/*.conf"

    - name: Copy files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: /etc/fail2ban/action.d/
        mode: '0700'
        owner: root
        group: root
      with_fileglob:
        - "action.d/*.conf"

    - name: Disable sendmail service
      ansible.builtin.service:
        name: sendmail.service
        state: stopped
        enabled: false

    - name: Restart fail2ban service
      ansible.builtin.service:
        name: fail2ban.service
        state: restarted
        enabled: true