psm-server-provisioning/roles/security/tasks/main.yml

- name: Install FirewallD and Fail2Ban
  apt:
          name: firewalld, fail2ban
          state: present

- name: Copy FirewallD public.conf
  notify: Restart FirewallD
  template:
          src: firewalld-public.conf
          dest: /etc/firewalld/zones/public.xml
          owner: root
          group: root
          mode: u=rw,g=r,o=r

- name: Copy Fail2Ban conf
  notify: Restart Fail2Ban
  copy:
          src: fail2ban.conf
          dest: /etc/fail2ban/jail.d/server.conf
          owner: root
          group: root
          mode: u=rw,g=r,o=r

- name: Copy SSHD conf
  notify: Restart SSHD
  copy:
          src: sshd.conf
          dest: /etc/ssh/sshd_config.d/10-security.conf
          owner: root
          group: root
          mode: u=rw,g=r,o=r