1 files changed, 28 insertions, 0 deletions

diff --git a/ansible/roles/fail2ban/tasks/main.yml b/ansible/roles/fail2ban/tasks/main.yml
new file mode 100644
index 0000000..6d8e237
--- /dev/null
+++ b/ansible/roles/fail2ban/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+# dovecot is configured to respect the fail2ban deny decisions
+# A failed login is recorded as:
+# dovecot[<pid>]: imap-login: access(tcpwrap): Client refused (rip=<ip>)
+- name: install fail2ban
+  apt:
+    name: fail2ban
+    state: latest
+    install_recommends: false
+
+- name: copy fail2ban config
+  copy:
+    src: fail2ban/
+    dest: /etc/fail2ban/
+    mode: preserve
+  notify:
+  - restart fail2ban
+
+
+# verify everything is running
+- name: verify services are running in dependency order
+  service:
+    name: "{{ item }}"
+    enabled: yes
+    state: started
+  loop:
+    - fail2ban
+