diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..326ec61
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,39 @@
+# you must prefixe path with "${path.module}/"
+resource "null_resource" "fail2ban" {
+ # triggers = {
+ # source = filesha256("${path.module}/script")
+ # }
+ connection {
+ type = "ssh"
+ user = "root"
+ host = var.connection_ip
+ private_key = var.connection_private_key
+ }
+
+ # provisioner "file" {
+ # source = "${path.module}/script"
+ # destination = "/tmp"
+ # }
+
+ provisioner "remote-exec" {
+ inline = [
+ "echo '#-----------------------'",
+ "echo '# module alpine_fail2ban'",
+ "echo '#-----------------------'",
+ "echo '# install fail2ban'",
+ "apk add fail2ban",
+ #
+ "echo '# enable service fail2ban'",
+ "rc-update add fail2ban",
+ "rc-service fail2ban start",
+ #
+ "echo '# install helpers'",
+ "ln -s /etc/fail2ban /root/fail2ban",
+ "ln -s 'fail2ban-client status' /etc/fail2ban/0_status",
+ "ln -s 'fail2ban-client set sshd unbanip x.x.x.x' /etc/fail2ban/1_unban",
+ "ln -s 'fail2ban-client reload sshd' /etc/fail2ban/2_reload",
+ "echo '# module DONE'",
+ ]
+ }
+
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..b2ff069
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,11 @@
+variable "connection_ip" {
+ type = string
+ description = "ipv4"
+}
+
+variable "connection_private_key" {
+ type = string
+ description = "private key for terraform connection"
+ sensitive = true
+}
+
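Review bot: Nothing in the `inline` list of the `remote-exec` provisioner stops on error, so if `apk add fail2ban` or `rc-service fail2ban start` fails, the script presumably still ends on the final `echo` and Terraform reports success for a host that has no ban protection; adding `"set -e",` as the first entry would make the apply fail instead. The three helper links do not do what their names suggest: `ln -s 'fail2ban-client status' /etc/fail2ban/0_status` creates a symlink whose target is that literal string rather than a command, so the links dangle, and small executable scripts would be the working equivalent. The `connection` block also logs in as `root` without a `host_key`, so the identity of the target is not checked before the commands are sent; passing the expected host key through a variable would close that gap. Since `ln -s` fails with "File exists" on a second run, `ln -sfn /etc/fail2ban /root/fail2ban` is the safer form once `triggers` is re-enabled.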
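Review bot: `connection_ip` accepts any string and its description says only "ipv4", although main.tf uses it as the SSH host that receives commands as root; a `validation` block with a condition such as `can(cidrhost("${var.connection_ip}/32", 0))` would reject malformed values at plan time. The description could read `"IPv4 address of the Alpine host to provision over SSH"`. For `connection_private_key`, it would help to say in the description that the key contents are expected rather than a file path, since the SSH connection's `private_key` argument takes the contents.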