Add role for ufw

2024-04-14 18:32:50 -05:00 · 2024-04-14 18:32:50 -05:00 · b45f8cf5dd
commit b45f8cf5dd
parent 7caf443b35
5 changed files with 44 additions and 0 deletions
--- a/roles/ufw/defaults/main.yaml
+++ b/roles/ufw/defaults/main.yaml
@ -0,0 +1,6 @@
 ---
 # ufw_state: enabled
 # ufw_policy: allow
 ufw_rules:
  - port: ssh
    rule: allow
--- a/roles/ufw/tasks/configure.yaml
+++ b/roles/ufw/tasks/configure.yaml
@ -0,0 +1,12 @@
 ---
 - name: set ufw state
  community.general.ufw:
    state: "{{ ufw_state | default('enabled') }}"
    policy: "{{ ufw_policy | default('allow') }}"
 - name: configure rules
  community.general.ufw:
    port: "{{ item.port | default(omit) }}"
    proto: "{{ item.proto | default(omit) }}"
    rule: "{{ item.rule | default(omit) }}"
  loop: "{{ ufw_rules | default([]) }}"
--- a/roles/ufw/tasks/default.yaml
+++ b/roles/ufw/tasks/default.yaml
--- a/roles/ufw/tasks/main.yaml
+++ b/roles/ufw/tasks/main.yaml
@ -0,0 +1,26 @@
 ---
 - name: gather OS specific variables
  ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
        - "{{ ansible_distribution }}.yaml"
        - "{{ ansible_os_family }}.yaml"
        - "default.yaml"
      paths:
        - vars
 - name: run os specific tasks
  ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
        - "{{ ansible_distribution }}.yaml"
        - "{{ ansible_os_family }}.yaml"
        - "default.yaml"
      paths:
        - tasks
 - include_tasks: configure.yaml
--- a/roles/ufw/vars/default.yaml
+++ b/roles/ufw/vars/default.yaml