---
- name: Installation de fail2ban et nftables
  apt:
    pkg:
      - fail2ban
      - nftables
    update_cache: true
    state: present

- name: Appliquation des règles de ban ssh
  template:
    src: ../files/jail.conf
    dest: /etc/fail2ban/jail.d/jail.conf
  notify:
    - restart fail2ban

- name: Création du répertoire pour la surcharge systemd
  file:
    name: /etc/systemd/system/fail2ban.service.d
    state: directory

- name: Règle de base pour nftables
  template:
    src: ../files/service-override.conf
    dest: /etc/systemd/system/fail2ban.service.d/override.conf

- name: Déploiement des règles nftables (base)
  tags:
    - nftables
  template:
    src: ../files/nftables.conf
    dest: /etc/nftables.conf
  notify:
    - restarted nftables
    - restart fail2ban