---
- hosts: all
  vars:
        apt:
                packages:
                        - { package: "iptables-persistent", state: present }
                        - { package: "netfilter-persistent", state: present }
                        - { package: "sed", state: present }
                        - { package: "git", state: present }
                        - { package: "zsh", state: present }
                        - { package: "vim", state: present }
                        - { package: "sudo", state: present }
                        - { package: "iptables", state: present }
                        - { package: "fail2ban", state: present }
                clean: true
                upgrade: true
        systemd:
                services:
                        - { name: "netfilter-persistent", enabled: true, action: restarted }
                        - { name: "fail2ban", enabled: true, action: reloaded }
                        - { name: "ssh", enabled: true, action: reloaded }
        vault:
                roles:
                        - "common"
  roles:
        - vault
        - apt
        - common # This group relies too much on handlers, it's better to use it as it is
        - fail2ban
        - systemd