fail2ban: custom ignoreip + add tags

fail2ban/defaults/main.yml

@@ -1,3 +1,4 @@
 ---
 general_alert_email: "root@localhost"
 fail2ban_alert_email: Null
+fail2ban_ignoreip: []

fail2ban/tasks/main.yml

@@ -4,6 +4,7 @@
     name: fail2ban
     state: present
   tags:
+    - fail2ban
     - packages
 
 - name: custom filters are installed
@@ -15,6 +16,8 @@
     - dovecot-evolix.conf
     - sasl-evolix.conf
   notify: restart fail2ban
+  tags:
+    - fail2ban
 
 - name: local jail is installed
   template:
@@ -22,3 +25,5 @@
     dest: /etc/fail2ban/jail.local
     mode: "0644"
   notify: restart fail2ban
+  tags:
+    - fail2ban

fail2ban/templates/jail.local.j2

@@ -3,7 +3,12 @@
 [DEFAULT]
 
 # "ignoreip" can be an IP address, a CIDR mask or a DNS host
-ignoreip = 127.0.0.1/8
+ignoreip = \
+{% for ip in fail2ban_ignoreip %}
+{{ ip }}, \
+{% endfor %}
+127.0.0.1/8
+
 bantime  = 600
 maxretry = 3