infra/roles/linode/tasks/main.yml

---
- name: Fix timezone
  file:
    src: /usr/share/zoneinfo/{{ timezone }}
    dest: /etc/zoneinfo
    state: link

- name: Disable cockpit
  systemd:
    name: cockpit.socket
    state: stopped
    enabled: no
  when:
    - ansible_os_family == 'Fedora'

- name: Close cockpit port
  firewalld:
    zone: FedoraServer
    service: cockpit
    state: disabled
    permanent: yes
    immediate: yes
  when:
    - ansible_os_family == 'Fedora'

- name: Remove cockpit motd banner
  file:
    path: /etc/motd.d/cockpit
    state: absent
  when:
    - ansible_os_family == 'Fedora'

- name: Loosen up systemd-oomd defaults
  lineinfile:
    path: /etc/systemd/oomd.conf
    regexp: '^DefaultMemoryPressureLimit='
    insertafter: '^#DefaultMemoryPressureLimit='
    line: DefaultMemoryPressureLimit=80%

- name: Install fail2ban
  package:
    name: fail2ban
    state: present

- name: Configure fail2ban
  template:
    src: ssh.local.j2
    dest: /etc/fail2ban/jail.d/ssh.local
    owner: root
    group: root
    mode: '0644'
  notify: Restart fail2ban

- name: Start/enable fail2ban
  systemd:
    name: fail2ban
    state: started
    enabled: yes