From 1d56769405ca15dcebf506353683c25df339f99a Mon Sep 17 00:00:00 2001
From: Egon Rijpkema <git@egonrijpkema.nl>
Date: Wed, 3 Oct 2018 13:45:54 +0200
Subject: [PATCH] Better security for machine that runs horizon.

---
 ansible.cfg            | 1 +
 group_vars/horizon.yml | 2 ++
 horizon.yml            | 1 +
 3 files changed, 4 insertions(+)
 create mode 100644 group_vars/horizon.yml

diff --git a/ansible.cfg b/ansible.cfg
index f38c9e0..de77da7 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,3 +3,4 @@ inventory = merlin
 stdout_callback = debug
 vault_password_file = .vault_pass.txt
 forks = 20
+host_key_checking = false
diff --git a/group_vars/horizon.yml b/group_vars/horizon.yml
new file mode 100644
index 0000000..2d4f7f5
--- /dev/null
+++ b/group_vars/horizon.yml
@@ -0,0 +1,2 @@
+---
+security_fail2ban_enabled: false
diff --git a/horizon.yml b/horizon.yml
index 6bd1997..e52a551 100644
--- a/horizon.yml
+++ b/horizon.yml
@@ -6,4 +6,5 @@
 - hosts: horizon
   become: True
   roles:
+     - geerlingguy.security
      - horizon