---
- name: Ensure UFW is installed
  ansible.builtin.apt:
    name: ufw
    state: present

- name: Allow SSH
  community.general.ufw:
    rule: allow
    name: OpenSSH
    comment: "Allow SSH"

- name: Allow HTTP
  community.general.ufw:
    rule: allow
    port: 80
    proto: tcp
    comment: "Allow HTTP"

- name: Allow HTTPS
  community.general.ufw:
    rule: allow
    port: 443
    proto: tcp
    comment: "Allow HTTPS"

- name: Enable UFW
  community.general.ufw:
    state: enabled

- name: Ensure UFW is enabled on boot
  ansible.builtin.systemd:
    name: ufw
    enabled: true
...