deployment/roles/net-security/tasks/main.yml


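---
# Baseline host network hardening: install fail2ban and ufw, keep both
# services running across reboots, open the SSH port, then switch ufw on
# with a default-deny policy for incoming traffic.
#
# Task order matters: the SSH allow rule is added before the firewall is
# enabled, so turning on default-deny does not cut off the session Ansible
# itself is using.

- name: Install fail2ban & ufw.
  ansible.builtin.apt:
    name:
      - fail2ban
      - ufw
    state: present

# TODO add proper fail2ban config
# NOTE(review): until that lands fail2ban runs with the packaged defaults.
# The stock sshd jail usually targets the standard ssh port, so confirm that
# bans actually apply to port 2222 used below.
- name: Ensure fail2ban is started & enabled.
  ansible.builtin.service:
    name: fail2ban
    state: started
    enabled: true

# Fixed: this task previously managed the fail2ban service a second time, so
# the ufw service was never asserted to be started or enabled at boot.
- name: Ensure ufw is started & enabled.
  ansible.builtin.service:
    name: ufw
    state: started
    enabled: true

# NOTE(review): 2222 must match the Port sshd really listens on; that
# setting is not managed in this file. Verify before the firewall is enabled.
- name: Allow SSH connections.
  community.general.ufw:
    rule: allow
    port: "2222"
    # SSH is TCP only; without proto the rule also opens UDP 2222.
    proto: tcp

# Outgoing traffic is left at ufw's own default policy.
- name: Block everything else by default & enable firewall.
  community.general.ufw:
    default: deny
    direction: incoming
    state: enabled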