roles/common: rework fail2ban tasks

We can only run fail2ban when we have logs to monitor. When a host
is running Caddy we don't have logs, so fail2ban doesn't have any-
thing to monitor out of the box. For now I will restrict the task
to hosts running nginx.

roles/common/tasks/firewall_Debian.yml

@@ -6,10 +6,8 @@
       when: ansible_distribution_major_version is version('11', '>=')
       ansible.builtin.package:
         name:
-          - fail2ban
           - libnet-ip-perl # for aggregate-cidr-addresses.pl
           - nftables
-          - python3-systemd
           - curl # for nftables update scripts
         state: present
         cache_valid_time: 3600
@@ -109,8 +107,12 @@
         state: started
         enabled: true
 
+    # We only install fail2ban on systems running nginx. If the host is running
+    # Caddy then there are no logs for us to monitor.
     - ansible.builtin.include_tasks: fail2ban.yml
-      when: ansible_distribution_major_version is version('9', '>=')
+      when:
+        - ansible_distribution_major_version is version('9', '>=')
+        - webserver is defined and webserver == 'nginx'
   tags: firewall
 
 # vim: set sw=2 ts=2: