Add role for ufw

2024-04-14 18:32:50 -05:00 · 2024-04-14 18:32:50 -05:00 · b45f8cf5dd
commit b45f8cf5dd
parent 7caf443b35
5 changed files with 44 additions and 0 deletions
--- a/roles/ufw/defaults/main.yaml
+++ b/roles/ufw/defaults/main.yaml
@ -0,0 +1,6 @@
+---
+# ufw_state: enabled
+# ufw_policy: allow
+ufw_rules:
+  - port: ssh
+    rule: allow
--- a/roles/ufw/tasks/configure.yaml
+++ b/roles/ufw/tasks/configure.yaml
@ -0,0 +1,12 @@
+---
+- name: set ufw state
+  community.general.ufw:
+    state: "{{ ufw_state | default('enabled') }}"
+    policy: "{{ ufw_policy | default('allow') }}"
+
+- name: configure rules
+  community.general.ufw:
+    port: "{{ item.port | default(omit) }}"
+    proto: "{{ item.proto | default(omit) }}"
+    rule: "{{ item.rule | default(omit) }}"
+  loop: "{{ ufw_rules | default([]) }}"
--- a/roles/ufw/tasks/default.yaml
+++ b/roles/ufw/tasks/default.yaml
--- a/roles/ufw/tasks/main.yaml
+++ b/roles/ufw/tasks/main.yaml
@ -0,0 +1,26 @@
+---
+- name: gather OS specific variables
+  ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: run os specific tasks
+  ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- include_tasks: configure.yaml
--- a/roles/ufw/vars/default.yaml
+++ b/roles/ufw/vars/default.yaml