Tentative role for fail2ban

inventory/lab/inventory.yml

@@ -10,3 +10,12 @@ all:
         debi13:
           ansible_host: 127.0.0.1
           ansible_port: 2224
+
+    fail2ban:
+      hosts:
+       debi13:
+          ansible_host: 127.0.0.1
+          ansible_port: 2224
+       alma9:
+          ansible_host: 127.0.0.1
+          ansible_port: 2222

playbooks/fail2ban.yml

@@ -0,0 +1,10 @@
+---
+- name: Install fail2ban on Linux hosts
+  hosts:
+    - fail2ban
+  become: true
+
+  roles:
+    - fail2ban
+
+

roles/fail2ban/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Ensure epel-release is installed (RedHat)
+  ansible.builtin.package:
+    name: epel-release
+    state: present
+    update_cache: yes
+  when: ansible_os_family == 'RedHat'
+
+- name: Ensure fail2ban is installed
+  ansible.builtin.package:
+    name: fail2ban
+    state: present
+    update_cache: yes
+
+- name: Start fail2ban for RedHat
+  ansible.builtin.systemd_service:
+    name: fail2ban
+    state: started
+    enabled: true
+  when: ansible_os_family == 'RedHat'