- hosts: webservers
  become: True
  gather_facts: True
  vars:
    ssh_server_ports: "{{ vault_ssh_server_ports }}"
    nginx_add_header: []
    sysctl_overwrite:
      # Enable IPv4 traffic forwarding.
      net.ipv4.ip_forward: 1
  roles:
    - role: dev-sec.os-hardening
    # - role: dev-sec.ssh-hardening
    # - role: nginxinc.nginx
    # - role: dev-sec.nginx-hardening
    # - role: jnv.unattended-upgrades