57 lines
1017 B
YAML
57 lines
1017 B
YAML
- name: Install packages
|
|
community.general.pacman:
|
|
name:
|
|
- ufw
|
|
|
|
- name: Deny all ports by default
|
|
community.general.ufw:
|
|
policy: deny
|
|
|
|
- name: Allow Matrix federation port
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: 8448
|
|
proto: tcp
|
|
state: enabled
|
|
when: enable_synapse
|
|
|
|
- name: Allow http/https ports
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "{{ item }}"
|
|
proto: tcp
|
|
state: enabled
|
|
when: enable_webserver
|
|
with_items:
|
|
- http
|
|
- https
|
|
|
|
- name: Allow ssh port
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "{{ sshd_port }}"
|
|
proto: tcp
|
|
state: enabled
|
|
|
|
- name: Allow gitea ssh port
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "2499"
|
|
proto: tcp
|
|
state: enabled
|
|
|
|
- name: Allow DNS port to LAN
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: domain
|
|
proto: any
|
|
state: enabled
|
|
src: "{{ local_subnet }}"
|
|
when: enable_nameserver
|
|
|
|
- name: Enable firewall service
|
|
service:
|
|
name: ufw
|
|
state: started
|
|
enabled: yes
|