- name: Install fail2ban
  apt:
    name:
      - fail2ban

- name: Configure fail2ban
  copy:
    src: fail2ban/jail.local
    dest: /etc/fail2ban/jail.local
  notify: Restart fail2ban

- name: Disable ssh password authentication for all but user of ansible
  blockinfile:
    path: /etc/ssh/sshd_config
    block: |
      Match User {{ ansible_user }}
          PasswordAuthentication yes
      Match all
          PasswordAuthentication no 
  notify: Restart sshd

- name: Configure sshd ClientAliveInterval
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ClientAliveInterval'
    line: '#ClientAliveInterval 5m'
  notify: Restart sshd

- name: Configure sshd ClientAliveCountMax
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ClientAliveCountMax'
    line: '#ClientAliveCountMax 3'
  notify: Restart sshd