# SSH
configure sshd jail:
  file.managed:
    - name: /etc/fail2ban/jail.d/sshd.local
    - source: salt://fail2ban/files/jail.d/sshd.local
    - user: root
    - group: root
    - mode: "0644"
    - onlyif:
      - pkg.is_installed: openssh

# Nextcloud
configure nextcloud jail:
  file.managed:
    - name: /etc/fail2ban/jail.d/nextcloud.local
    - source: salt://fail2ban/files/jail.d/nextcloud.local
    - user: root
    - group: root
    - mode: "0644"
    - onlyif: runuser -l {{ salt['pillar.get']('podman:user', 'root') }} -c 'podman container exists gitea'

configure nextcloud filter:
  file.managed:
    - name: /etc/fail2ban/filter.d/nextcloud.local
    - source: salt://fail2ban/files/filter.d/nextcloud.local
    - user: root
    - group: root
    - mode: "0644"
    - onlyif: runuser -l {{ salt['pillar.get']('podman:user', 'root') }} -c 'podman container exists gitea'

######
realod fail2ban config:
  cmd.run:
    - name: fail2ban-client reload
    - onchanges:
      - file: configure sshd jail
      - file: configure nextcloud jail
      - file: configure nextcloud filter