author | clyhtsuriva <aimeric@adjutor.xyz> | 2025-02-01 02:12:10 +0100 |
---|---|---|
committer | clyhtsuriva <aimeric@adjutor.xyz> | 2025-02-01 02:12:10 +0100 |
commit | f246600cbb66834c1289bf52cf7bd95cc6428b02 (patch) | |
tree | 2672aa9539cad83ae3c8861ebc0571c398a397f6 /ansible/roles | |
parent | 97f55e590c58a3f252497df23bcec97c9352ff06 (diff) |
Working debian packer template w/ ansible to set up fw rules after reboot
Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/README.md | 2 | ||||
-rw-r--r-- | ansible/roles/common/handlers/main.yml | 6 | ||||
-rw-r--r-- | ansible/roles/common/tasks/main.yml | 4 | ||||
-rw-r--r-- | ansible/roles/common/tasks/ufw.yml | 35 | ||||
-rw-r--r-- | ansible/roles/nginx/tasks/update_nginx.yml (renamed from ansible/roles/nginx/update_nginx.yml) | 0 |
5 files changed, 47 insertions, 0 deletions
diff --git a/ansible/roles/README.md b/ansible/roles/README.md
index 59841b5..744532c 100644
--- a/ansible/roles/README.md
+++ b/ansible/roles/README.md
@@ -3,4 +3,6 @@ This folder contains reusable Ansible roles for configuration management.
 ## Available Roles
+- common
+- docker
 - nginx
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
new file mode 100644
index 0000000..d090d0e
--- /dev/null
+++ b/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart UFW
+ ansible.builtin.service:
+ name: ufw
+ state: restarted
+...
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..f15e2b7
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Include UFW tasks
+ include_tasks: ufw.yml
+...
diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml
new file mode 100644
index 0000000..155579f
--- /dev/null
+++ b/ansible/roles/common/tasks/ufw.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure UFW is installed
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+
+- name: Allow SSH
+ community.general.ufw:
+ rule: allow
+ name: OpenSSH
+ comment: "Allow SSH"
+
+- name: Allow HTTP
+ community.general.ufw:
+ rule: allow
+ port: 80
+ proto: tcp
+ comment: "Allow HTTP"
+
+- name: Allow HTTPS
+ community.general.ufw:
+ rule: allow
+ port: 443
+ proto: tcp
+ comment: "Allow HTTPS"
+
+- name: Enable UFW
+ community.general.ufw:
+ state: enabled
+
+- name: Ensure UFW is enabled on boot
+ ansible.builtin.systemd:
+ name: ufw
+ enabled: true
+...
diff --git a/ansible/roles/nginx/update_nginx.yml b/ansible/roles/nginx/tasks/update_nginx.yml
index 4813e6c..4813e6c 100644
--- a/ansible/roles/nginx/update_nginx.yml
+++ b/ansible/roles/nginx/tasks/update_nginx.yml |
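Review bot: Nothing in this diff notifies the `Restart UFW` handler added in ansible/roles/common/handlers/main.yml; none of the tasks in tasks/ufw.yml carries a `notify:` key. Either drop the handler or attach `notify: Restart UFW` to the task whose change should trigger it. The `community.general.ufw` rule tasks appear to apply their changes to the running firewall directly, so a restart may not be needed at all; worth confirming before wiring it in.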
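Review bot: `include_tasks` in ansible/roles/common/tasks/main.yml is the only module call in this commit written with a short name; the handler and the tasks in ufw.yml all use fully qualified collection names. Write it as `ansible.builtin.include_tasks: ufw.yml` so the role is consistent and name resolution does not depend on the collection search order.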
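Review bot: In ansible/roles/common/tasks/ufw.yml the firewall is enabled without the role ever setting a default policy, so the fate of traffic that matches none of the allow rules depends on whatever the image's ufw defaults happen to be. Add a task before `Enable UFW` that sets the incoming default to deny, as sketched below, so the role states the policy it relies on. Ports 80 and 443 are opened by the `common` role, which presumably runs on every host, so machines without a web server get them too; those two rules fit better in the nginx role or behind a variable. For the SSH rule, `rule: limit` in place of `rule: allow` would add ufw's connection rate limiting.

```yaml
# … unchanged: install task and the SSH / HTTP / HTTPS allow rules …

- name: Deny incoming traffic by default
  community.general.ufw:
    default: deny
    direction: incoming

- name: Enable UFW
# … unchanged: enable and enable-on-boot tasks …
```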