Working debian packer template w/ ansible to set up fw rules after reboot

author: clyhtsuriva <aimeric@adjutor.xyz> 2025-02-01 02:12:10 +0100
committer: clyhtsuriva <aimeric@adjutor.xyz> 2025-02-01 02:12:10 +0100
commit: f246600cbb66834c1289bf52cf7bd95cc6428b02 (patch)
tree: 2672aa9539cad83ae3c8861ebc0571c398a397f6 /ansible/roles/common/tasks/ufw.yml
parent: 97f55e590c58a3f252497df23bcec97c9352ff06 (diff)
1 files changed, 35 insertions, 0 deletions
diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml
new file mode 100644
index 0000000..155579f
--- /dev/null
+++ b/ansible/roles/common/tasks/ufw.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure UFW is installed
+  ansible.builtin.apt:
+    name: ufw
+    state: present
+
+- name: Allow SSH
+  community.general.ufw:
+    rule: allow
+    name: OpenSSH
+    comment: "Allow SSH"
+
+- name: Allow HTTP
+  community.general.ufw:
+    rule: allow
+    port: 80
+    proto: tcp
+    comment: "Allow HTTP"
+
+- name: Allow HTTPS
+  community.general.ufw:
+    rule: allow
+    port: 443
+    proto: tcp
+    comment: "Allow HTTPS"
+
+- name: Enable UFW
+  community.general.ufw:
+    state: enabled
+
+- name: Ensure UFW is enabled on boot
+  ansible.builtin.systemd:
+    name: ufw
+    enabled: true
+...
author	clyhtsuriva <aimeric@adjutor.xyz>	2025-02-01 02:12:10 +0100
committer	clyhtsuriva <aimeric@adjutor.xyz>	2025-02-01 02:12:10 +0100
commit	f246600cbb66834c1289bf52cf7bd95cc6428b02 (patch)
tree	2672aa9539cad83ae3c8861ebc0571c398a397f6 /ansible/roles/common/tasks/ufw.yml
parent	97f55e590c58a3f252497df23bcec97c9352ff06 (diff)