---

- hosts: "{{ ip_addr }}"
  become: yes
  become_method: sudo
  gather_facts: yes

  tasks:
  
    - name: set variables
      set_fact:
        bantime: "10m"
        maxretry: "10"
        findtime: "10m"
        jails:
          - name: sshd
            enabled: true
            filter: sshd
            logpath: /var/log/lastlog
            port: ['ssh', '22']
            maxretry: 10
            bantime: 10m
            findtime: 10m
          - name: asterisk
            enabled: true
            filter: asterisk
            logpath: /var/log/asterisk/messages
            port: ['asterisk', '5060']
            maxretry: 10
            bantime: 10m
            findtime: 10m

    - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service"
      import_role:
        name: config-fail2ban

        #In this template:
       
        #{{ bantime }}, {{ maxretry }}, and {{ findtime }} represent the global default values for these settings.
        #For each jail, you can specify various options including:
        #{{ jail.name }}: The name of the jail.
        #{{ jail.enabled }}: Whether the jail is enabled or not.
        #{{ jail.filter }}: The filter for the jail.
        #{{ jail.logpath }}: The log file path that Fail2Ban should monitor.
        #{{ jail.port | join(' ') }}: The port(s) to monitor.
        #{{ jail.maxretry }}: The maximum number of retries before banning.
        #{{ jail.bantime }}: The ban time for this jail.
        #{{ jail.findtime }}: The time window for counting retries.