added again ansible-role-security

roles/ansible-role-security/templates/10periodic.j2

@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";

roles/ansible-role-security/templates/50unattended-upgrades.j2

@@ -0,0 +1,20 @@
+Unattended-Upgrade::Automatic-Reboot "{{ security_autoupdate_reboot }}";
+Unattended-Upgrade::Automatic-Reboot-Time "{{ security_autoupdate_reboot_time }}";
+
+{% if security_autoupdate_mail_to %}
+Unattended-Upgrade::Mail "{{ security_autoupdate_mail_to }}";
+{% if security_autoupdate_mail_on_error %}
+Unattended-Upgrade::MailOnlyOnError "true";
+{% endif %}
+{% endif %}
+
+Unattended-Upgrade::Allowed-Origins {
+        "${distro_id} ${distro_codename}-security";
+//      "${distro_id} ${distro_codename}-updates";
+};
+
+Unattended-Upgrade::Package-Blacklist{
+{% for package in security_autoupdate_blacklist %}
+      "{{package}}";
+{% endfor %}
+}

roles/ansible-role-security/templates/jail.local.j2

@@ -0,0 +1,4 @@
+[sshd]
+enabled = true
+port    = {{ security_ssh_port }}
+filter  = sshd