Remove Debian 10 support

roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2

@@ -2,13 +2,8 @@
 enabled   = true
 # See: /etc/fail2ban/filter.d/nginx-botsearch.conf
 filter    = nginx-botsearch
-{% if (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')) %}
 # Integrate with nftables
 banaction=nftables[type=allports]
-{% else %}
-# Integrate with firewalld and ipsets
-banaction = firewallcmd-ipset
-{% endif %}
 backend   = pyinotify
 logpath   = /var/log/nginx/*-access.log
 # Try to find a non-existent wp-login.php once and get banned. Tough luck.

roles/common/templates/etc/fail2ban/jail.d/sshd.local.j2

@@ -2,13 +2,8 @@
 enabled   = true
 # See: /etc/fail2ban/filter.d/sshd.conf
 filter    = sshd
-{% if (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')) %}
 # Integrate with nftables
 banaction=nftables[type=allports]
-{% else %}
-# Integrate with firewalld and ipsets
-banaction = firewallcmd-ipset
-{% endif %}
 backend   = systemd
 maxretry  = {{ fail2ban_maxretry }}
 findtime  = {{ fail2ban_findtime }}

roles/common/templates/public.xml.j2

@@ -1,81 +0,0 @@
-<zone>
-    <short>Public</short>
-    <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
-    <interface name="{{ ansible_default_ipv4.interface }}"/>
-
-    {# ssh rules #}
-    <rule family="ipv4">
-        <source address="0.0.0.0/0"/>
-        <port protocol="tcp" port="22"/>
-        <accept/>
-    </rule>
-
-    {# ipv6 ssh rules #}
-    <rule family="ipv6">
-        <source address="::/0"/>
-        <port protocol="tcp" port="22"/>
-        <accept/>
-    </rule>
-
-    {# web rules #}
-    <rule family="ipv4">
-        <source address="0.0.0.0/0"/>
-        <port protocol="tcp" port="80"/>
-        <accept/>
-    </rule>
-
-    {# ipv6 web rules #}
-    <rule family="ipv6">
-        <source address="::/0"/>
-        <port protocol="tcp" port="80"/>
-        <accept/>
-    </rule>
-
-    {# munin rules #}
-    {% if munin_master_host is defined %}
-    <rule family="ipv4">
-        <source address="{{ ghetto_ipsets[munin_master_host].src }}"/>
-        <port protocol="tcp" port="{{ munin_node_port }}"/>
-        <accept/>
-    </rule>
-    {% endif %}
-
-    {# extra rules #}
-    {% if extra_iptables_rules is defined %}
-    {% for rule in extra_iptables_rules %}
-    <rule family="ipv4">
-        <source address="{{ ghetto_ipsets[rule.acl].src }}"/>
-        <port protocol="{{ rule.protocol }}" port="{{ rule.port }}"/>
-        <accept/>
-    </rule>
-
-    {# ipv6 extra rules #}
-    {% if ghetto_ipsets[rule.acl].ipv6src is defined %}
-    <rule family="ipv6">
-        <source address="{{ ghetto_ipsets[rule.acl].ipv6src }}"/>
-        <port protocol="{{ rule.protocol }}" port="{{ rule.port }}"/>
-        <accept/>
-    </rule>
-    {% endif %}
-
-    {% endfor %}
-    {% endif %}
-
-    <rule>
-      <source ipset="abusers-ipv4"/>
-      <drop/>
-    </rule>
-    <rule>
-      <source ipset="abusers-ipv6"/>
-      <drop/>
-    </rule>
-    <rule>
-      <source ipset="spamhaus-ipv4"/>
-      <drop/>
-    </rule>
-    <rule>
-      <source ipset="spamhaus-ipv6"/>
-      <drop/>
-    </rule>
-
-</zone>