diff --git a/tasks/main.yml b/tasks/main.yml
index 3ae61e633932dead57eb2951bcd0b00495f012aa..61f3204ed869dc48a22bdaf2434718831cda2dee 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -59,14 +59,12 @@
 
 - name: push specific fail2ban filters
   copy:
-    src: "{{ item }}"
-    dest: "/etc/fail2ban/filter.d/{{ item }}.local"
+    src: traefik-auth
+    dest: "/etc/fail2ban/filter.d/traefik-auth.conf"
     owner: 'root'
     group: 'root'
     mode: '0644'
-  with_items:
-    - odoo-auth
-    - traefik-auth
+    force: no
   when: inventory_hostname in groups.docker
   notify: restart fail2ban
   tags: fail2ban
diff --git a/templates/jail.Ubuntu22.j2 b/templates/jail.Ubuntu22.j2
index b0d0770c1419faa20bc4e3a67ad4a9de3f012ac2..b9ec0aa57f7a8dd3853b7dd8d098be6e08c5cd7c 100644
--- a/templates/jail.Ubuntu22.j2
+++ b/templates/jail.Ubuntu22.j2
@@ -1,280 +1,35 @@
-#
-# WARNING: heavily refactored in 0.9.0 release.  Please review and
-#          customize settings for your setup.
-#
-# Changes:  in most of the cases you should not modify this
-#           file, but provide customizations in jail.local file,
-#           or separate .conf files under jail.d/ directory, e.g.:
-#
-# HOW TO ACTIVATE JAILS:
-#
-# YOU SHOULD NOT MODIFY THIS FILE.
-#
-# It will probably be overwritten or improved in a distribution update.
-#
-# Provide customizations in a jail.local file or a jail.d/customisation.local.
-# For example to change the default bantime for all jails and to enable the
-# ssh-iptables jail the following (uncommented) would appear in the .local file.
-# See man 5 jail.conf for details.
-#
-# [DEFAULT]
-# bantime = 1h
-#
-# [sshd]
-# enabled = true
-#
-# See jail.conf(5) man page for more information
-
-
-
-# Comments: use '#' for comment lines and ';' (following a space) for inline comments
-
-
 [INCLUDES]
-
 before = paths-debian.conf
 
-# The DEFAULT allows a global definition of the options. They can be overridden
-# in each jail afterwards.
-
 [DEFAULT]
-
-#
-# MISCELLANEOUS OPTIONS
-#
-
-# "bantime.increment" allows to use database for searching of previously banned ip's to increase a
-# default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
-#bantime.increment = true
-
-# "bantime.rndtime" is the max number of seconds using for mixing with random time
-# to prevent "clever" botnets calculate exact time IP can be unbanned again:
-#bantime.rndtime =
-
-# "bantime.maxtime" is the max number of seconds using the ban time can reach (don't grows further)
-#bantime.maxtime =
-
-# "bantime.factor" is a coefficient to calculate exponent growing of the formula or common multiplier,
-# default value of factor is 1 and with default value of formula, the ban time
-# grows by 1, 2, 4, 8, 16 ...
-#bantime.factor = 1
-
-# "bantime.formula" used by default to calculate next value of ban time, default value bellow,
-# the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32...
-#bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor
-#
-# more aggressive example of formula has the same values only for factor "2.0 / 2.885385" :
-#bantime.formula = ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)
-
-# "bantime.multipliers" used to calculate next value of ban time instead of formula, coresponding
-# previously ban count and given "bantime.factor" (for multipliers default is 1);
-# following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count,
-# always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours
-#bantime.multipliers = 1 2 4 8 16 32 64
-# following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,
-# for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day
-#bantime.multipliers = 1 5 30 60 300 720 1440 2880
-
-# "bantime.overalljails" (if true) specifies the search of IP in the database will be executed
-# cross over all jails, if false (dafault), only current jail of the ban IP will be searched
-#bantime.overalljails = false
-
-# --------------------
-
-# "ignoreself" specifies whether the local resp. own IP addresses should be ignored
-# (default is true). Fail2ban will not ban a host which matches such addresses.
-#ignoreself = true
-
-# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
-# will not ban a host which matches an address in this list. Several addresses
-# can be defined using space (and/or comma) separator.
-ignoreip = 127.0.0.1/8{% if inventory_hostname in groups.docker %} 172.16.0.0/12 192.168.0.0/16{% endif %}{% for host in groups.docker_nagios %} {{ hostvars[host].ansible_host }}/32{% endfor %}
-
-# External command that will take an tagged arguments to ignore, e.g. <ip>,
-# and return true if the IP is to be ignored. False otherwise.
-#
-# ignorecommand = /path/to/command <ip>
+# MISC
+ignoreip = 127.0.0.1/8{% if inventory_hostname in groups.docker | default([]) %} 172.16.0.0/12 192.168.0.0/16{% endif %}{% for host in groups.docker_nagios | default([]) %} {{ hostvars[host].ansible_host }}/32{% endfor %}
 ignorecommand =
-
-# "bantime" is the number of seconds that a host is banned.
 bantime  = 86400 ; ban for 1 day
-
-# A host is banned if it has generated "maxretry" during the last "findtime"
-# seconds.
 findtime  = 3600 ; search for 1 hour
-
-# "maxretry" is the number of failures before a host get banned.
 maxretry = 3
-
-# "maxmatches" is the number of matches stored in ticket (resolvable via tag <matches> in actions).
 maxmatches = %(maxretry)s
-
-# "backend" specifies the backend used to get files modification.
-# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
-# This option can be overridden in each jail as well.
-#
-# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
-#              If pyinotify is not installed, Fail2ban will use auto.
-# gamin:     requires Gamin (a file alteration monitor) to be installed.
-#              If Gamin is not installed, Fail2ban will use auto.
-# polling:   uses a polling algorithm which does not require external libraries.
-# systemd:   uses systemd python library to access the systemd journal.
-#              Specifying "logpath" is not valid for this backend.
-#              See "journalmatch" in the jails associated filter config
-# auto:      will try to use the following backends, in order:
-#              pyinotify, gamin, polling.
-#
-# Note: if systemd backend is chosen as the default but you enable a jail
-#       for which logs are present only in its own log files, specify some other
-#       backend for that jail (e.g. polling) and provide empty value for
-#       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
 backend = polling
-
-# "usedns" specifies if jails should trust hostnames in logs,
-#   warn when DNS lookups are performed, or ignore all hostnames in logs
-#
-# yes:   if a hostname is encountered, a DNS lookup will be performed.
-# warn:  if a hostname is encountered, a DNS lookup will be performed,
-#        but it will be logged as a warning.
-# no:    if a hostname is encountered, will not be used for banning,
-#        but it will be logged as info.
-# raw:   use raw value (no hostname), allow use it for no-host filters/actions (example user)
 usedns = warn
-
-# "logencoding" specifies the encoding of the log files handled by the jail
-#   This is used to decode the lines from the log file.
-#   Typical examples:  "ascii", "utf-8"
-#
-#   auto:   will use the system locale setting
 logencoding = auto
-
-# "enabled" enables the jails.
-#  By default all jails are disabled, and it should stay this way.
-#  Enable only relevant to your setup jails in your .local or jail.d/*.conf
-#
-# true:  jail will be enabled and log files will get monitored for changes
-# false: jail is not enabled
 enabled = false
-
-
-# "mode" defines the mode of the filter (see corresponding filter implementation for more info).
 mode = normal
-
-# "filter" defines the filter to use by the jail.
-#  By default jails have names matching their filter name
-#
 filter = %(__name__)s[mode=%(mode)s]
 
-
-#
 # ACTIONS
-#
-
-# Some options used for actions
-
-# Destination email address used solely for the interpolations in
-# jail.{conf,local,d/*} configuration files.
 destemail = {{ default_maintenance_email }}
-
-# Sender email address used solely for some actions
 sender = {{ inventory_hostname|lower }}_server@{{ inventory_hostname|lower }}.server
-
-# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
-# mailing. Change mta configuration parameter to mail if you want to
-# revert to conventional 'mail'.
 mta = sendmail
-
-# Default protocol
 protocol = tcp
-
-# Specify chain where jumps would need to be added in ban-actions expecting parameter chain
 chain = INPUT
-
-# Ports to be banned
-# Usually should be overridden in a particular jail
 port = 0:65535
-
-# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
 fail2ban_agent = Fail2Ban/%(fail2ban_version)s
-
-#
-# Action shortcuts. To be used to define action parameter
-
-# Default banning action (e.g. iptables, iptables-new,
-# iptables-multiport, shorewall, etc) It is used to define
-# action_* variables. Can be overridden globally or per
-# section within jail.local file
 banaction = iptables-multiport
 banaction_allports = iptables-allports
-
-# The simplest action to take: ban only
-action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-# ban & send an e-mail with whois report to the destemail.
-action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-# ban & send an e-mail with whois report and relevant log lines
-# to the destemail.
-action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
-
-# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
-#
-# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
-# to the destemail.
-action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
-
-# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
-# to the destemail.
-action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
-                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
-
-# Report block via blocklist.de fail2ban reporting service API
-#
-# See the IMPORTANT note in action.d/blocklist_de.conf for when to use this action.
-# Specify expected parameters in file action.d/blocklist_de.local or if the interpolation
-# `action_blocklist_de` used for the action, set value of `blocklist_de_apikey`
-# in your `jail.local` globally (section [DEFAULT]) or per specific jail section (resp. in
-# corresponding jail.d/my-jail.local file).
-#
-action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
-
-# Report ban via badips.com, and use as blacklist
-#
-# See BadIPsAction docstring in config/action.d/badips.py for
-# documentation for this action.
-#
-# NOTE: This action relies on banaction being present on start and therefore
-# should be last action defined for a jail.
-#
-action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
-#
-# Report ban via badips.com (uses action.d/badips.conf for reporting only)
-#
-action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
-
-# Report ban via abuseipdb.com.
-#
-# See action.d/abuseipdb.conf for usage example and details.
-#
-action_abuseipdb = abuseipdb
-
-# Choose default action.  To change, just override value of 'action' with the
-# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
-# globally (section [DEFAULT]) or per specific section
+action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
 action = %(action_)s
 
-
-#
 # JAILS
-#
-
-#
-# SSH servers
-#
-
 [sshd]
 backend = systemd
 enabled = true
@@ -282,72 +37,58 @@ logpath = /var/log/auth.log
 mode    = aggressive
 port    = {{ default_sshd_port }}
 
-
-# Jail for more extended banning of persistent abusers
-# !!! WARNINGS !!!
-# 1. Make sure that your loglevel specified in fail2ban.conf/.local
-#    is not at DEBUG level -- which might then cause fail2ban to fall into
-#    an infinite loop constantly feeding itself with non-informative lines
-# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
-#    to maintain entries for failed logins for sufficient amount of time
-[recidive]
-banaction = %(banaction_allports)s
-bantime  = 1w
+[nagios]
 enabled = true
-findtime = 1d
-logpath  = /var/log/fail2ban.log
-
+logpath  = /var/log/syslog
+maxretry = 1
 
-{% if inventory_hostname in groups.gitlab %}
-#
-# HTTP servers
-#
+{% if inventory_hostname in groups.gitlab | default([]) %}
+[gitlab]
+enabled = true
+logpath = /var/log/gitlab/gitlab-rails/application.log
+port    = http,https
 
 [nginx-http-auth]
 enabled	= true
-port    = http,https
 logpath = /var/log/gitlab/nginx/*error.log
+port    = http,https
 
 [nginx-botsearch]
 enabled	 = true
-port     = http,https
 logpath  = /var/log/gitlab/nginx/*error.log
-maxretry = 3
-
+maxretry = 2
+port     = http,https
 
 {% endif %}
-{% if inventory_hostname in groups.odoo_server or inventory_hostname in groups.owncloud_server %}
-#
-# HTTP servers
-#
-
+{% if inventory_hostname in groups.odoo_server | default([]) or inventory_hostname in groups.owncloud_server | default([]) %}
 [nginx-http-auth]
 enabled	= true
-port    = http,https
 logpath = /var/log/nginx/*error.log
+port    = http,https
 
 [nginx-botsearch]
 enabled	 = true
-port     = http,https
 logpath  = /var/log/nginx/*error.log
 maxretry = 2
-
+port     = http,https
 
 {% endif %}
-{% if inventory_hostname in groups.docker and inventory_hostname not in groups.docker_nextcloud %}
-#
-# Docker containers
-#
+[recidive]
+banaction = %(banaction_allports)s
+bantime  = 1w
+enabled  = true
+findtime = 1d
+logpath  = /var/log/fail2ban.log
+{% if inventory_hostname in groups.docker | default([]) and inventory_hostname not in groups.docker_nextcloud | default([]) %}
 
-[docker-traefik-auth]
-chain   = DOCKER-USER
-enabled = true
-filter  = traefik-auth
+[traefik-auth]
+chain    = DOCKER-USER
+enabled  = true
 {% if docker_userns_remap %}
-logpath = /var/lib/docker/{{ dockremap_subuid | default("*") }}.{{ dockremap_subgid | default("*") }}/volumes/inverseproxy_logs/_data/access.log
+logpath  = /var/lib/docker/{{ dockremap_subuid | default("*") }}.{{ dockremap_subgid | default("*") }}/volumes/inverseproxy_logs/_data/access.log
 {% else %}
-logpath = /var/lib/docker/volumes/inverseproxy_logs/_data/access.log
+logpath  = /var/lib/docker/volumes/inverseproxy_logs/_data/access.log
 {% endif %}
-port    = http,https
-
+mode     = aggressive
+port     = http,https
 {% endif %}