infra/roles/base/defaults/main.yml

---
# SSH hardening
sshd_port: 22
sshd_permit_root_login: "no"
sshd_password_authentication: "no"
sshd_pubkey_authentication: "yes"
sshd_x11_forwarding: "no"
sshd_max_auth_tries: 3
sshd_client_alive_interval: 300
sshd_client_alive_count_max: 2

# Packages to install
base_packages:
  - ufw
  - fail2ban
  - curl
  - wget
  - git
  - htop
  - vim
  - unzip
  - ca-certificates
  - gnupg
  - lsb-release
  - logrotate