---
# Default variables for the hardening role.

# --- SSH daemon ---
# NOTE(review): if ssh_port is changed, the matching entry in
# ufw_allowed_ports below must change with it; nothing visible here
# links the two, and a mismatch would presumably lock out remote access.
ssh_port: 22
# NOTE(review): recent OpenSSH releases only speak protocol 2 and treat
# the Protocol directive as deprecated - confirm the template still needs it.
ssh_protocol: 2
# Kept as quoted strings so YAML does not coerce them to booleans;
# presumably they are rendered verbatim into sshd_config - verify in the
# template.
ssh_permit_root_login: 'no'
ssh_password_authentication: 'no'
ssh_pub_key_authentication: 'yes'
# Only these accounts may log in over SSH. With password authentication
# off, each listed account needs an authorized key before this is applied.
ssh_allow_users:
  - ansible
ssh_max_auth_tries: 3
# 300 x 2: presumably seconds between keep-alive probes and the number of
# unanswered probes tolerated before the session is dropped - TODO confirm.
ssh_client_alive_interval: 300
ssh_client_alive_count_max: 2

# --- Firewall (ufw) ---
# Default-deny inbound; only the ports listed below are opened.
ufw_default_incoming: deny
ufw_default_outgoing: allow
# NOTE(review): 25565/tcp and 25575/tcp are the default Minecraft game and
# RCON ports - presumably that is what this host serves. RCON is an
# unencrypted, password-only admin channel; consider restricting 25575 to a
# management source address or keeping it on localhost instead of opening
# it to every source.
ufw_allowed_ports:
  - '22/tcp'
  - '25565/tcp'
  - '25575/tcp'

# --- Fail2ban ---
fail2ban_enabled: true
# Bare integers are presumably passed to fail2ban as seconds:
# 3 failures within 600 s trigger a 3600 s ban - TODO confirm in the template.
fail2ban_bantime: 3600
fail2ban_findtime: 600
fail2ban_maxretry: 3