---
- name: Install fail2ban
  ansible.builtin.package:
    name: fail2ban
    state: present

- name: Configure fail2ban
  copy:
    src: ../templates/fail2ban.conf
    dest: /etc/fail2ban/fail2ban.conf
    backup: yes
  notify: restart fail2ban

- name: Disable password login
  lineinfile:
    dest: "/etc/ssh/sshd_config"
    regexp: '^(#\s*)?PasswordAuthentication '
    line: "PasswordAuthentication no"
  notify: restart sshd

- name: Change SSH port
  lineinfile:
    dest: "/etc/ssh/sshd_config"
    regexp: "^Port "
    line: "Port {{ sshd_port }}"
  notify: restart sshd
  when: 0 > 1