---
# Common role defaults

# Firewall
ufw_allowed_ports:
  - { port: "{{ ssh_port | default(22) }}", proto: tcp, comment: "SSH" }
  - { port: 80, proto: tcp, comment: "HTTP" }
  - { port: 443, proto: tcp, comment: "HTTPS" }

# fail2ban
fail2ban_maxretry: 5
fail2ban_bantime: 3600
fail2ban_findtime: 600

# Swap (create if < 2GB RAM)
swap_size_mb: 2048