Initial commit - Security operations and hardening tools

- Added Ansible playbooks for security hardening (UFW, Fail2Ban)
- Implemented SSH key management and host synchronization tools
- Created UFW hardening scripts and network security configurations
- Added Cockpit-Traefik reverse proxy setup documentation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

sync-hosts-playbook.yml

@@ -0,0 +1,37 @@
+---
+- name: Ensure consistent /etc/hosts across all Pop!_OS machines
+  hosts: popos
+  become: true
+
+  vars:
+    hosts_entries:
+      - { ip: "127.0.0.1", name: "localhost" }
+      - { ip: "::1", name: "ip6-localhost" }
+
+      # Cluster-wide consistent hostnames
+      - { ip: "192.168.1.27",  name: "walnut" }
+      - { ip: "192.168.1.72",  name: "acacia" }
+      - { ip: "192.168.1.113", name: "ironwood" }
+      - { ip: "192.168.1.132", name: "rosewood" }
+
+      # Raspberry Pi & cluster nodes
+      - { ip: "192.168.1.80",  name: "cm4a" }
+      - { ip: "192.168.1.82",  name: "cm4b" }
+      - { ip: "192.168.1.84",  name: "cm4c" }
+      - { ip: "192.168.1.88",  name: "cm4d" }
+      - { ip: "192.168.1.90",  name: "clusterpi" }
+      - { ip: "192.168.1.107", name: "turingpi" }
+      - { ip: "192.168.1.108", name: "pi2" }
+      - { ip: "192.168.1.112", name: "pi1" }
+
+    # Optional commented hosts
+    hosts_commented:
+      - { ip: "192.168.1.xxx", name: "cm4e" }
+  tasks:
+    - name: Deploy consistent /etc/hosts file
+      template:
+        src: hosts.j2
+        dest: /etc/hosts
+        owner: root
+        group: root
+        mode: '0644'