Add possibility to restart Fail2ban service

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ### Fix
 * Set empty dependencies line to fix Galaxy warning.
+* Add possibility to restart Fail2ban service.
 
 ## v1.4
 

README.md

@@ -54,6 +54,7 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
 * **nft_service_manage** : If `nftables` service should be managed with this role [default : `true`].
 * **nft_service_name** : `nftables` service name [default : `nftables`].
 * **nft_service_enabled** : Set `nftables` service available at startup [default : `true`].
+* **nft__fail2ban_service** : If the Nftables service should also restart the Fail2ban service [default : `False`].
 
 ### OS Specific Variables
 

defaults/main.yml

@@ -128,3 +128,4 @@ nft_service_name: 'nftables'
 nft_service_enabled: true
 nft_service_unit_path: '/lib/systemd/system/nftables.service'
 nft_service_unit_content: 'lib/systemd/system/nftables.service.j2'
+nft__fail2ban_service: False

templates/lib/systemd/system/nftables.service.j2

@@ -2,7 +2,7 @@
 [Unit]
 Description={{ nft_service_name }}
 Documentation=man:nft(8) http://wiki.nftables.org
-Before=fail2ban.service
+;Before=fail2ban.service
 
 [Service]
 Type=oneshot
@@ -10,9 +10,15 @@ RemainAfterExit=yes
 StandardInput=null
 ProtectSystem=full
 ProtectHome=true
+{% if nft__fail2ban_service %}
+ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
+ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
+ExecStop=/bin/systemctl stop fail2ban.service ; /usr/sbin/nft flush ruleset
+{% else %}
 ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }}
 ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }}
 ExecStop=/usr/sbin/nft flush ruleset
+{% endif %}
 
 [Install]
 WantedBy=multi-user.target