39 lines
863 B
Plaintext
39 lines
863 B
Plaintext
---
|
|
- name: Install and configure UFW
|
|
hosts: main_server
|
|
become: yes
|
|
tasks:
|
|
- name: Install UFW
|
|
apt:
|
|
name:
|
|
- ufw
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Set default deny policy
|
|
ufw:
|
|
direction: incoming
|
|
policy: deny
|
|
|
|
- name: Allow required ports
|
|
ufw:
|
|
rule: allow
|
|
port: "{{ item.port }}"
|
|
proto: "{{ item.proto | default('tcp') }}"
|
|
loop:
|
|
- { port: "{{ gitea_ssh_port }}", proto: "tcp" }
|
|
- { port: "{{ main_ssh_port }}", proto: "tcp" }
|
|
- { port: "{{ https_port }}", proto: "tcp" }
|
|
- { port: "{{ http_port }}", proto: "tcp" }
|
|
- { port: "{{ db_port }}", proto: "tcp" }
|
|
|
|
- name: Enable UFW
|
|
ufw:
|
|
state: enabled
|
|
|
|
- name: restart UFW
|
|
service:
|
|
name: ufw
|
|
state: restarted
|
|
|