From f36556a85091e1f74c31a4ba1b9bfbc75e7b89a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20P=2E?= <nicolo.paraciani@cnr.it>
Date: Mon, 16 Mar 2026 16:43:38 +0100
Subject: [PATCH] Tentative role for fail2ban

---
 inventory/lab/inventory.yml   |  9 +++++++++
 playbooks/fail2ban.yml        | 10 ++++++++++
 roles/fail2ban/tasks/main.yml | 20 ++++++++++++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 playbooks/fail2ban.yml
 create mode 100644 roles/fail2ban/tasks/main.yml

diff --git a/inventory/lab/inventory.yml b/inventory/lab/inventory.yml
index adfc2ba..85ffc19 100644
--- a/inventory/lab/inventory.yml
+++ b/inventory/lab/inventory.yml
@@ -10,3 +10,12 @@ all:
         debi13:
           ansible_host: 127.0.0.1
           ansible_port: 2224
+
+    fail2ban:
+      hosts:
+       debi13:
+          ansible_host: 127.0.0.1
+          ansible_port: 2224
+       alma9:
+          ansible_host: 127.0.0.1
+          ansible_port: 2222
diff --git a/playbooks/fail2ban.yml b/playbooks/fail2ban.yml
new file mode 100644
index 0000000..aad5564
--- /dev/null
+++ b/playbooks/fail2ban.yml
@@ -0,0 +1,10 @@
+---
+- name: Install fail2ban on Linux hosts
+  hosts:
+    - fail2ban
+  become: true
+
+  roles:
+    - fail2ban
+
+
diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
new file mode 100644
index 0000000..9c48d27
--- /dev/null
+++ b/roles/fail2ban/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensure epel-release is installed (RedHat)
+  ansible.builtin.package:
+    name: epel-release
+    state: present
+    update_cache: yes
+  when: ansible_os_family == 'RedHat'
+
+- name: Ensure fail2ban is installed
+  ansible.builtin.package:
+    name: fail2ban
+    state: present
+    update_cache: yes
+
+- name: Start fail2ban for RedHat
+  ansible.builtin.systemd_service:
+    name: fail2ban
+    state: started
+    enabled: true
+  when: ansible_os_family == 'RedHat'