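---
# Hardening play for hosts in the `ec2` inventory group. It applies four
# roles in order: fail2ban, unattended_upgrades, sshd_config and nftables.
#
# ssh_port is expected to be supplied by the caller, for example as an
# extra var:
#
# ansible-playbook playbooks/harden/harden_node.yml -i inventory.ec2.ini -e "ssh_port=25105"
- name: harden node
  hosts: ec2
  become: true

  pre_tasks:
    # Stop before any role runs if ssh_port is missing or is not a valid
    # port number. The sshd_config and nftables roles both consume this
    # value, so a bad value should never reach either of them.
    - name: validate ssh_port before touching sshd or the firewall
      ansible.builtin.assert:
        that:
          - ssh_port is defined
          - (ssh_port | int) >= 1
          - (ssh_port | int) <= 65535
        fail_msg: 'ssh_port must be a TCP port in 1-65535, e.g. -e "ssh_port=<port>"'

  roles:
    - role: harden/fail2ban
    - role: harden/unattended_upgrades

    # ssh_port is deliberately not re-declared as a role parameter.
    # `ssh_port: "{{ ssh_port }}"` refers to itself: it only resolved
    # because an extra var (-e) outranks role parameters, and it fails with
    # a recursive-template error when ssh_port comes from inventory or
    # group_vars instead. Both roles read the play-scope value directly,
    # which also keeps the sshd port and the firewall rule on one value.
    # NOTE(review): presumably a mismatch between the two would leave sshd
    # on a port the firewall does not admit; confirm against the roles.
    - role: harden/sshd_config

    - role: harden/nftables
      vars:
        # ntp_port: "{{ ntp_port }}"
        nftables_conf_name: "vm-nftables.conf.j2"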