- name: fail2ban filter
  template:
    src: files/nginx-fail2ban-filter.conf
    dest: /etc/fail2ban/filter.d/nginx-tcp.conf
    mode: "0600"
  register: fail2ban_filter

- name: fail2ban jail
  template:
    src: files/nginx-fail2ban-jail.conf
    dest: /etc/fail2ban/jail.d/nginx.conf
    mode: "0600"
  register: fail2ban_jail

- name: Restart fail2ban
  service:
    name: fail2ban
    state: restarted
  when: fail2ban_filter.changed or fail2ban_jail.changed