From f92b5cde576aa82f2ffe97f7ac3a1dba5b628d90 Mon Sep 17 00:00:00 2001
From: "flyingscorpio@clevo"
Date: Sun, 13 Mar 2022 22:31:02 +0100
Subject: [PATCH] Add fail2ban role
---
 roles/common/handlers/main.yml | 6 ++++++
 .../setup-fail2ban/files/00-banactions-nft.conf | 3 +++
 roles/setup-fail2ban/tasks/main.yml | 17 +++++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 roles/setup-fail2ban/files/00-banactions-nft.conf
 create mode 100644 roles/setup-fail2ban/tasks/main.yml
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index 42bd5b9..f3b6989 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -48,3 +48,9 @@
 systemd:
 name: rsyslog
 state: restarted
+
+- name: Restart fail2ban service
+ become: true
+ systemd:
+ name: fail2ban
+ state: restarted
diff --git a/roles/setup-fail2ban/files/00-banactions-nft.conf b/roles/setup-fail2ban/files/00-banactions-nft.conf
new file mode 100644
index 0000000..9ff1b6d
--- /dev/null
+++ b/roles/setup-fail2ban/files/00-banactions-nft.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+banaction = nftables-multiport
+banaction_allports = nftables-allports
diff --git a/roles/setup-fail2ban/tasks/main.yml b/roles/setup-fail2ban/tasks/main.yml
new file mode 100644
index 0000000..1a628f3
--- /dev/null
+++ b/roles/setup-fail2ban/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Install fail2ban
+ become: true
+ apt:
+ name: fail2ban
+ state: present
+ update_cache: yes
+
+- name: Configure fail2ban for nftables
+ become: true
+ copy:
+ src: 00-banactions-nft.conf
+ dest: /etc/fail2ban/jail.d/00-banactions-nft.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: Restart fail2ban service
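Review bot: The `Restart fail2ban service` handler is added to `roles/common/handlers/main.yml`, but the only task that notifies it is in `roles/setup-fail2ban/tasks/main.yml`, so the new role only works in plays that also load `common`. If `setup-fail2ban` is applied without it, the `notify` cannot be resolved and the play errors. The drop-in may by then already be on disk, in which case a later run would report no change and fail2ban would presumably keep running with its old ban actions. Either move the handler to `roles/setup-fail2ban/handlers/main.yml` or declare the dependency in the role's `meta/main.yml`; whether such a dependency already exists is not visible in this patch. The hunk starts mid-file, so the handlers above it are not shown.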
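Review bot: The drop-in has no header comment, so someone reading `/etc/fail2ban/jail.d/` on the host cannot tell that it is deployed by Ansible or why the ban actions differ from the packaged defaults. Add a first line such as `# Managed by Ansible (role setup-fail2ban): use nftables ban actions for all jails; local edits are overwritten`. Because the values sit in `[DEFAULT]`, a later file in `jail.d` or a `jail.local` that sets `banaction` still overrides them, which is worth stating in the same comment.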
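Review bot: Nothing in these tasks makes sure the `nft` binary is present or that fail2ban is enabled and running, yet the copied drop-in switches the default ban actions to nftables. On a host without nftables the ban commands would presumably fail and offending addresses would stay unblocked, with the only signal in fail2ban's own log. Install both packages in the first task, `name: [fail2ban, nftables]`, and consider a `systemd` task with `enabled: true` and `state: started` for the service. Also quote the mode as `mode: "0644"` so it is never read as a plain integer.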