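---
# Host firewall baseline: install UFW, register every allow rule, then turn
# the firewall on with a default-deny policy for incoming traffic.
#
# The allow rules are registered before UFW is enabled. UFW stores rules
# while inactive, so the end state is the same, but the deny policy never
# takes effect without the SSH rules already in place. If the play stops
# half-way (for example on an undefined variable), the host is not left
# unreachable for the next Ansible run.

- name: Install UFW
  ansible.builtin.apt:
    pkg:
      - ufw

# Opens whatever the "OpenSSH" UFW application profile declares.
- name: Allow SSH
  community.general.ufw:
    rule: allow
    name: OpenSSH

# sshd_port is defined outside this file.
# NOTE(review): if sshd listens only on sshd_port, the OpenSSH profile rule
# above keeps an unused port open; confirm and drop whichever rule is not
# needed. `rule: limit` would add UFW's connection rate limiting, but it can
# also throttle automation that opens many SSH sessions.
- name: Allow custom SSH port
  community.general.ufw:
    rule: allow
    port: '{{ sshd_port }}'
    proto: tcp

- name: Allow all access to web (80)
  community.general.ufw:
    rule: allow
    port: '80'
    proto: tcp

- name: Allow all access to web (443)
  community.general.ufw:
    rule: allow
    port: '443'
    proto: tcp

# This rule accepts connections to 9100/tcp from any source address.
# NOTE(review): node_exporter metrics describe the host in detail and are
# usually scraped by a single monitoring server; consider restricting the
# rule to that address with the module's `from_ip` option.
- name: Allow all access to node_exporter
  community.general.ufw:
    rule: allow
    port: '9100'
    proto: tcp

# forgejo_ssh_port is defined outside this file.
- name: Allow SSH access to Forgejo
  community.general.ufw:
    rule: allow
    port: '{{ forgejo_ssh_port }}'
    proto: tcp

# Runs last on purpose: enforcement starts only once every rule above exists.
# `direction: incoming` spells out what UFW applies when no direction is
# given; the outgoing policy is left untouched.
- name: Enable UFW and set default policy
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming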