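# Defaults for the common role: system upgrade, UFW firewall, SSH and
# root-account hardening. As a single collapsed line the whole file parses
# as one comment and defines no variables, so the structure is restored
# here with one key per line. All values are unchanged.

# Make a full system upgrade (using apt-get full-upgrade)
common_full_upgrade: false
# Allow restarting the host after an update.
common_allow_restart: false

# Install and configure UFW Firewall on the system
common_firewall_enabled: true
# Reject all connections by default. With false, this variable does not
# request a default-reject policy; which default policy then applies is
# decided by the role's tasks (not visible here).
# NOTE(review): confirm the effective default policy on a deployed host.
common_firewall_reject: false

# Allow incoming traffic from the internal subnet.
common_firewall_allow_internal_incoming: true
# Internal subnet used by the setting above. 10.0.0.0/24 is only a default;
# set it to the network that is actually trusted in your environment.
common_firewall_internal_subnet: '10.0.0.0/24'

# Default Firewall Rules
common_firewall:
  # SSH. When common_firewall_lan_interface is empty the rule applies to all
  # interfaces (see the comment text below), so SSH is reachable from every
  # network the host is attached to. Set the interface to limit exposure.
  # NOTE(review): common_firewall_lan_interface is not defined in this part
  # of the file; confirm it is set elsewhere.
  # NOTE(review): the inline `if` in `interface` has no `else`, unlike the
  # one in `comment`; confirm the consuming task tolerates the value-less
  # result when the variable is empty.
  - port: 22
    rule: allow
    state: present
    interface: "{{ common_firewall_lan_interface if common_firewall_lan_interface }}"
    comment: "Allow incoming connections on {{ common_firewall_lan_interface if common_firewall_lan_interface else 'all interfaces' }}"

# Configure SSH to only accept SSH Keys
common_ssh_configure: true

# This locks the root account *password*, but still allows SSH Key and sudo
# logins. To unlock the password, set this to false.
common_lock_root: true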