Add fail2ban role

roles/common/handlers/main.yml

@@ -48,3 +48,9 @@
   systemd:
     name: rsyslog
     state: restarted
+
+- name: Restart fail2ban service
+  become: true
+  systemd:
+    name: fail2ban
+    state: restarted

roles/setup-fail2ban/files/00-banactions-nft.conf

@@ -0,0 +1,3 @@
+[DEFAULT]
+banaction = nftables-multiport
+banaction_allports = nftables-allports

roles/setup-fail2ban/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Install fail2ban
+  become: true
+  apt:
+    name: fail2ban
+    state: present
+    update_cache: yes
+
+- name: Configure fail2ban for nftables
+  become: true
+  copy:
+    src: 00-banactions-nft.conf
+    dest: /etc/fail2ban/jail.d/00-banactions-nft.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart fail2ban service