| author | clyhtsuriva <aimeric@adjutor.xyz> | 2025-02-01 02:12:10 +0100 | 
|---|---|---|
| committer | clyhtsuriva <aimeric@adjutor.xyz> | 2025-02-01 02:12:10 +0100 | 
| commit | f246600cbb66834c1289bf52cf7bd95cc6428b02 (patch) | |
| tree | 2672aa9539cad83ae3c8861ebc0571c398a397f6 /ansible/roles/common/tasks | |
| parent | 97f55e590c58a3f252497df23bcec97c9352ff06 (diff) | |
Working debian packer template w/ ansible to set up fw rules after reboot
Diffstat (limited to 'ansible/roles/common/tasks')
| -rw-r--r-- | ansible/roles/common/tasks/main.yml | 4 | ||||
| -rw-r--r-- | ansible/roles/common/tasks/ufw.yml | 35 | 
2 files changed, 39 insertions, 0 deletions
|
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..f15e2b7
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Include UFW tasks
+  include_tasks: ufw.yml
+...
diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml
new file mode 100644
index 0000000..155579f
--- /dev/null
+++ b/ansible/roles/common/tasks/ufw.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure UFW is installed
+  ansible.builtin.apt:
+    name: ufw
+    state: present
+
+- name: Allow SSH
+  community.general.ufw:
+    rule: allow
+    name: OpenSSH
+    comment: "Allow SSH"
+
+- name: Allow HTTP
+  community.general.ufw:
+    rule: allow
+    port: 80
+    proto: tcp
+    comment: "Allow HTTP"
+
+- name: Allow HTTPS
+  community.general.ufw:
+    rule: allow
+    port: 443
+    proto: tcp
+    comment: "Allow HTTPS"
+
+- name: Enable UFW
+  community.general.ufw:
+    state: enabled
+
+- name: Ensure UFW is enabled on boot
+  ansible.builtin.systemd:
+    name: ufw
+    enabled: true
+... | 
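Review bot: The `include_tasks` call in main.yml uses the short module name while every task in ufw.yml is written with a fully qualified collection name; for consistency, and so the name resolves the same way regardless of the collections search path, write it as `ansible.builtin.include_tasks: ufw.yml`. A comment above the task such as `# Firewall baseline applied to every host that uses the common role` would also tell readers how far these rules reach.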
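Review bot: The `Enable UFW` task in ufw.yml turns the firewall on without pinning the default incoming policy, so the three allow rules only restrict traffic if the image's ufw default happens to be deny. Stating the policy in the task makes the baseline explicit and corrects drift on later runs, e.g. adding `default: deny` and `direction: incoming` next to `state: enabled`. Separately, the `Allow HTTP` and `Allow HTTPS` tasks sit in the `common` role, which presumably runs on every host, so ports 80 and 443 are opened even where nothing serves them; gating those two tasks on a role variable would limit the exposure to web hosts. The `Allow SSH` rule also depends on the `OpenSSH` application profile being present, which this file does not ensure.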
