@yellowcrescent
Created December 15, 2016 04:56
fail2ban ansible playbook for ce7, ubuntu, and debian
# vim: set ts=2 sw=2 expandtab syntax=yaml:
---
- hosts: all
  tasks:
    # Pick the distro-specific paths include that the later copy task installs.
    - name: Configure vars (Debian)
      set_fact:
        paths_include: paths-debian.conf
      when: ansible_os_family == "Debian" or ansible_os_family == "Ubuntu"
    - name: Configure vars (EL)
      set_fact:
        paths_include: paths-fedora.conf
      when: ansible_os_family == "RedHat" or ansible_os_family == "CentOS" or ansible_os_family == "Fedora"
    - name: Ensure /opt/src exists
      file: path=/opt/src state=directory mode=0755
    # The release tarball is downloaded on the target host (copy=no);
    # no checksum or signature is verified before it is unpacked and installed.
    - name: Extract Fail2ban source
      unarchive: src=https://github.com/fail2ban/fail2ban/archive/0.9.4.tar.gz copy=no dest=/opt/src
    # Runs on every play; the command module has no way to detect an existing install.
    - name: Install Fail2ban
      command: python setup.py install
      args:
        chdir: /opt/src/fail2ban-0.9.4
    - name: Create Fail2ban systemd service
      copy: dest=/lib/systemd/system/fail2ban.service src=/opt/xrepo/ansible/files/fail2ban.service
    - name: Configure Fail2ban jails
      template: src=/opt/xrepo/ansible/templates/jail.local.j2 dest=/etc/fail2ban/jail.local
    - name: Configure Fail2ban paths
      copy: src=/opt/xrepo/ansible/files/{{ paths_include }} dest=/etc/fail2ban/{{ paths_include }}
    - name: Configure Fail2ban main config
      template: src=/opt/xrepo/ansible/templates/fail2ban.conf.j2 dest=/etc/fail2ban/fail2ban.conf
    # The banhammer jail reads fail2ban's own log, so the file must exist before the service starts.
    - name: Ensure logfile exists (for banhammer jail)
      file: path=/var/log/fail2ban.log state=touch mode=0644
    # Make systemd pick up the newly installed unit file.
    - name: Reload systemd
      command: systemctl daemon-reload
    - name: Ensure Fail2ban service is enabled and started
      service: name=fail2ban enabled=yes state=started