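---
# Host firewall for a small self-hosted box: default-deny inbound, then open
# only the ports for services toggled on via enable_* variables.
#
# Ordering is deliberate and security-relevant: the SSH allow rule is added
# before anything can enable the firewall, and the firewall is enabled exactly
# once, after every rule, in its own task. In the original every service rule
# carried `state: enabled`, so a first run with e.g. enable_synapse set would
# turn the firewall on (default deny) before the SSH rule existed — new SSH
# connections would be refused until the later task ran. The end state is the
# same as before; only the order of operations changed.
#
# Variables read: sshd_port, local_subnet, enable_synapse, enable_syncthing,
# enable_webserver, enable_coturn, enable_nameserver, gitea_ssh_port (optional).
# A `when: enable_*` check errors out if the variable is undefined, so every
# flag should be defined (true/false) in host/group vars.

- name: Install packages
  community.general.pacman:
    name:
      - ufw

# Only inbound traffic is default-denied (`direction: incoming` is the module
# default; stated explicitly here to make the intent visible). Outbound traffic
# keeps ufw's default policy.
- name: Deny all inbound by default
  community.general.ufw:
    direction: incoming
    policy: deny

# Unconditional, and placed BEFORE any task that enables the firewall so a
# remote operator cannot lock themselves out.
# NOTE(review): `rule: limit` would additionally rate-limit brute-force login
# attempts; kept as `allow` to preserve existing behaviour.
- name: Allow ssh port
  community.general.ufw:
    rule: allow
    port: "{{ sshd_port }}"
    proto: tcp

- name: Allow Matrix federation port
  community.general.ufw:
    rule: allow
    port: "8448"
    proto: tcp
  when: enable_synapse

# proto any: both TCP and UDP on 22000 are opened (presumably Syncthing's
# TCP and QUIC listeners — confirm against the Syncthing config).
- name: Allow Syncthing port
  community.general.ufw:
    rule: allow
    port: "22000"
    proto: any
  when: enable_syncthing

- name: Allow http/https ports
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - http
    - https
  when: enable_webserver

# No proto given, so the module's default (any) applies: turn/turns are
# opened for both TCP and UDP, as before. The names are presumably resolved
# from /etc/services on the host.
- name: Allow coturn ports (turn/turns)
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - turn
    - turns
  when: enable_coturn

# Relay range for both UDP and TCP (previously two separate tasks). This is
# the entire IANA ephemeral range exposed to the world; it must match coturn's
# min-port/max-port, and the firewall alone does not limit who may relay —
# coturn's own authentication and peer restrictions have to carry that.
- name: Allow coturn relay ports
  community.general.ufw:
    rule: allow
    port: "49152:65535"
    proto: "{{ item }}"
  loop:
    - udp
    - tcp
  when: enable_coturn

# NOTE(review): unlike every other service rule this one has no enable_*
# guard, so the port is opened on every host this task list runs on. The port
# is now overridable via gitea_ssh_port; the default keeps the original 2499.
- name: Allow gitea ssh port
  community.general.ufw:
    rule: allow
    port: "{{ gitea_ssh_port | default('2499') }}"
    proto: tcp

# Restricted to the LAN via src; an internet-reachable resolver is an
# open-resolver/amplification risk. proto any covers UDP and TCP DNS.
- name: Allow DNS port to LAN
  community.general.ufw:
    rule: allow
    port: domain
    proto: any
    src: "{{ local_subnet }}"
  when: enable_nameserver

# Enable the firewall once, after all rules above are in place.
- name: Enable firewall
  community.general.ufw:
    state: enabled

- name: Enable firewall service
  ansible.builtin.service:
    name: ufw
    state: started
    enabled: true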