From b45f8cf5dd9d52de21f034baa114681fb299a69f Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Sun, 14 Apr 2024 18:32:50 -0500
Subject: [PATCH] Add role for ufw
---
roles/ufw/defaults/main.yaml | 6 ++++++
roles/ufw/tasks/configure.yaml | 12 ++++++++++++
roles/ufw/tasks/default.yaml | 0
roles/ufw/tasks/main.yaml | 26 ++++++++++++++++++++++++++
roles/ufw/vars/default.yaml | 0
5 files changed, 44 insertions(+)
create mode 100644 roles/ufw/defaults/main.yaml
create mode 100644 roles/ufw/tasks/configure.yaml
create mode 100644 roles/ufw/tasks/default.yaml
create mode 100644 roles/ufw/tasks/main.yaml
create mode 100644 roles/ufw/vars/default.yaml
diff --git a/roles/ufw/defaults/main.yaml b/roles/ufw/defaults/main.yaml
new file mode 100644
index 0000000..a14d001
--- /dev/null
+++ b/roles/ufw/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+# ufw_state: enabled
+# ufw_policy: allow
+ufw_rules:
+ - port: ssh
+ rule: allow
diff --git a/roles/ufw/tasks/configure.yaml b/roles/ufw/tasks/configure.yaml
new file mode 100644
index 0000000..1952ce1
--- /dev/null
+++ b/roles/ufw/tasks/configure.yaml
@@ -0,0 +1,12 @@
+---
+- name: set ufw state
+ community.general.ufw:
+ state: "{{ ufw_state | default('enabled') }}"
+ policy: "{{ ufw_policy | default('allow') }}"
+
+- name: configure rules
+ community.general.ufw:
+ port: "{{ item.port | default(omit) }}"
+ proto: "{{ item.proto | default(omit) }}"
+ rule: "{{ item.rule | default(omit) }}"
+ loop: "{{ ufw_rules | default([]) }}"
diff --git a/roles/ufw/tasks/default.yaml b/roles/ufw/tasks/default.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/ufw/tasks/main.yaml b/roles/ufw/tasks/main.yaml
new file mode 100644
index 0000000..83e9fe2
--- /dev/null
+++ b/roles/ufw/tasks/main.yaml
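Review bot: The policy default `allow` — documented in the commented `# ufw_policy: allow` line here and applied through `default('allow')` in roles/ufw/tasks/configure.yaml — leaves an enabled firewall accepting everything, so the `ssh` allow rule in `ufw_rules` changes nothing. With no `direction` passed, ufw should apply the default policy to incoming traffic, which is the side a host firewall normally denies. I would define the defaults here uncommented as `ufw_state: enabled` and `ufw_policy: deny` and drop the inline `default()` fallbacks, so the role is default-deny and its defaults live in one place.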
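Review bot: The `set ufw state` task runs before `configure rules`, so with a `deny` policy the firewall is enabled before the `ssh` allow rule exists, which can cut off the connection Ansible is using. Moving the state/policy task after the rules loop avoids that window. The loop also forwards only `port`, `proto` and `rule`; passing `from_ip: "{{ item.from_ip | default(omit) }}"` and `comment: "{{ item.comment | default(omit) }}"` would let callers restrict a rule to a source range and label it.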
@@ -0,0 +1,26 @@
+---
+- name: gather OS specific variables
+ ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: run os specific tasks
+ ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - tasks
+
+- include_tasks: configure.yaml
diff --git a/roles/ufw/vars/default.yaml b/roles/ufw/vars/default.yaml
new file mode 100644
index 0000000..e69de29
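Review bot: The last task, `- include_tasks: configure.yaml`, has no `name` and uses the short module name while the two tasks above use `ansible.builtin.include_tasks`; I would write it as `- name: configure ufw` followed by `ansible.builtin.include_tasks: configure.yaml`. Nothing visible in this patch installs the ufw package, and the only OS-specific files added (tasks/default.yaml, vars/default.yaml) are empty, so the `community.general.ufw` calls presumably fail on hosts where ufw is absent; an install task in the OS-specific file would close that gap. The two `params` blocks are identical apart from `paths` and could carry a short comment stating the lookup order (distribution-version, distribution, OS family, default).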