christianlempa-boilerplates/ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml

---
- name: install fail2ban and configure sshd
  hosts: "{{ my_hosts | d([]) }}"
  become: yes
  tasks:
  - name: install fail2ban
    ansible.builtin.apt:
      name:
        - fail2ban
      update_cache: yes
  - name: copy fail2ban configfiles
    ansible.builtin.copy:
      src: configfiles/debian-sshd-default.conf
      dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
  - name: restart fail2ban
    ansible.builtin.systemd_service:
      state: restarted
      daemon_reload: yes
      name: fail2ban