v0.1

playbooks/roles/firewall/tasks/UFW-playbook.yaml.examples

@@ -0,0 +1,38 @@
+---
+- name: Install and configure UFW
+  hosts: main_server
+  become: yes
+  tasks:
+    - name: Install UFW
+      apt:
+        name:
+          - ufw
+        state: present
+        update_cache: yes
+
+    - name: Set default deny policy
+      ufw:
+        direction: incoming
+        policy: deny
+
+    - name: Allow required ports
+      ufw:
+        rule: allow
+        port: "{{ item.port }}"
+        proto: "{{ item.proto | default('tcp') }}"
+      loop:
+        - { port: "{{ gitea_ssh_port }}", proto: "tcp" }
+        - { port: "{{ main_ssh_port }}", proto: "tcp" }
+        - { port: "{{ https_port }}", proto: "tcp" }
+        - { port: "{{ http_port }}", proto: "tcp" }
+        - { port: "{{ db_port }}", proto: "tcp" }
+
+    - name: Enable UFW
+      ufw:
+        state: enabled
+
+    - name: restart UFW
+      service:
+        name: ufw
+        state: restarted
+

playbooks/roles/firewall/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+# tasks file for firewall
+- name: Install UFW
+  ansible.builtin.apt:
+    name:
+      - ufw
+    state: present
+    update_cache: yes
+
+- name: Set default deny policy
+  ufw:
+    direction: incoming
+    policy: deny
+
+- name: Allow required ports
+  ufw:
+    rule: allow
+    port: "{{ item.value.port }}"
+    proto: "{{ item.value.proto | default('tcp') }}"
+  loop: "{{ ports | dict2items }}"
+
+- name: Enable UFW
+  ufw:
+    state: enabled
+
+- name: restart UFW
+  ansible.builtin.service:
+    name: ufw
+    state: restarted
+