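---
# Firewall bootstrap: install UFW, allow SSH only from `ip_whitelist` plus the
# Ansible controller's own address, then enable UFW with default-deny inbound.
#
# Task order is what prevents a lockout: every source-restricted SSH allow
# rule is created BEFORE the blanket 22/tcp rule is deleted and BEFORE UFW is
# enabled with a deny default.
#
# Inputs:
#   ansible_env   - gathered facts; SSH_CLIENT must be present, so this file
#                   only works over an SSH connection with fact gathering on.
#   ip_whitelist  - list of source addresses/CIDRs to allow on SSH.
#
# Caveat: the controller address comes from sshd's SSH_CLIENT as seen by the
# target. Behind NAT or a jump host that is the NAT/bastion address, and if the
# controller's address changes later, only `ip_whitelist` keeps SSH reachable.

- name: Verify inputs needed to build the SSH allow-list
  # Fail with a clear message before touching the host. Without this, a
  # missing SSH_CLIENT or a non-list ip_whitelist only surfaces as an opaque
  # template error later in the play.
  ansible.builtin.assert:
    that:
      - ansible_env is defined
      - ansible_env.SSH_CLIENT is defined
      - ansible_env.SSH_CLIENT | length > 0
      - ip_whitelist is defined
      - ip_whitelist is sequence
      - ip_whitelist is not string
    fail_msg: >-
      Refusing to configure UFW: ansible_env.SSH_CLIENT must be set (connect
      over SSH with facts gathered) and ip_whitelist must be a list; enabling
      default-deny without a valid SSH allow rule would lock the host out.

- name: Wait for APT Lock
  ansible.builtin.include_tasks: shared/tasks/wait_apt.yml

- name: Install packages required for Firewall
  ansible.builtin.apt:
    name:
      - ufw
    install_recommends: false

- name: Get IP of Ansible controller
  # sshd sets SSH_CLIENT to "<client-ip> <client-port> <server-port>";
  # the first field is the address the controller connected from.
  ansible.builtin.set_fact:
    _ssh_client_ip: "{{ ansible_env.SSH_CLIENT.split(' ')[0] }}"

- name: Allow access to tcp port 22
  # One rule per allowed source, using the OpenSSH application profile.
  # The controller address is appended so the play itself cannot be cut off.
  community.general.ufw:
    rule: allow
    name: OpenSSH
    src: "{{ item }}"
  loop: "{{ ip_whitelist + [_ssh_client_ip] }}"

- name: Delete default SSH rule
  # Remove the unrestricted 22/tcp allow rule so SSH is reachable only from
  # the source-restricted rules created above.
  community.general.ufw:
    rule: allow
    port: "22"
    proto: tcp
    delete: true

- name: Enable UFW, deny by default
  # Last on purpose: inbound default-deny takes effect only after the SSH
  # allow rules already exist.
  community.general.ufw:
    state: enabled
    default: deny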