infrastructure/ansible/roles/fail2ban_ssh/tasks/main.yml

- name: Make user
  user:
    name: "{{ f2b_user }}"
    comment: "{{ name }}"
    shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
    system: false
  become: true

- name: Give user sudo access to client
  lineinfile:
    path: /etc/sudoers
    line: "{{ f2b_user }} ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client"
  become: true

- name: Allow custom shell
  lineinfile:
    path: /etc/shells
    line: /home/{{ f2b_user }}/f2b-entrypoint.sh
  become: true

- name: Create entrypoint
  template:
    src: files/f2b-entrypoint.sh
    dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
    mode: 0755
  become: true
  register: sshd_config