---
# Make sure the ufw package is installed before any firewall task runs.
# `name` is the canonical spelling of the apt module's `pkg` alias, and
# `state: present` is the module default written out.
- name: Install UFW
  ansible.builtin.apt:
    name:
      - ufw
    state: present
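# The SSH rules are created first. Once the firewall is enabled with a
# default-deny inbound policy, a play that stops before these rules exist
# would leave the host unreachable for management.
- name: Allow SSH
  community.general.ufw:
    rule: allow
    # ufw application profile, referenced by name.
    name: OpenSSH

# NOTE(review): if sshd listens only on sshd_port, the profile rule above may
# expose a port nothing needs - confirm against the sshd configuration.
- name: Allow custom SSH port
  community.general.ufw:
    rule: allow
    port: "{{ sshd_port }}"
    proto: tcp

# Enabled only after the SSH rules are in place. `direction: incoming` spells
# out the direction ufw applies when none is given, so the scope of the deny
# policy is visible to the reader.
- name: Enable UFW and set default policy
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming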
# Plain HTTP: no source restriction is set, so the port is open to any address.
- name: Allow all access to web (80)
  community.general.ufw:
    port: "80"
    proto: tcp
    rule: allow
# HTTPS: no source restriction is set, so the port is open to any address.
- name: Allow all access to web (443)
  community.general.ufw:
    port: "443"
    proto: tcp
    rule: allow
# Metrics endpoint for node_exporter.
# NOTE(review): no source restriction is set, so 9100/tcp is reachable from
# any address, matching the task name. If only a known monitoring host scrapes
# this node, the rule could be narrowed with `from_ip` - confirm against the
# scrape setup.
- name: Allow all access to node_exporter
  community.general.ufw:
    port: "9100"
    proto: tcp
    rule: allow
# Opens the TCP port given by forgejo_ssh_port. No source restriction is set,
# so it is reachable from any address.
- name: Allow SSH access to Forgejo
  community.general.ufw:
    port: "{{ forgejo_ssh_port }}"
    proto: tcp
    rule: allow