From 4058d2b108bf758b8318490ff35fff0ba085bb31 Mon Sep 17 00:00:00 2001
From: bee
Date: Mon, 27 Apr 2026 17:22:33 +0200
Subject: [PATCH] added ufw
---
 .vscode/tasks.json | 10 ++++++++++
 playbooks/ufw/ufw.yml | 34 ++++++++++++++++++++++++++++++++++
 requirements.yml | 2 ++
 3 files changed, 46 insertions(+)
 create mode 100644 playbooks/ufw/ufw.yml
 create mode 100644 requirements.yml
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
index 1c5e755..7ed9687 100644
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -50,6 +50,16 @@
 "panel": "dedicated"
 }
 },
+ {
+ "label": "Deploy: ufw",
+ "type": "shell",
+ "command": "make deploy-ufw",
+ "group": "build",
+ "presentation": {
+ "reveal": "always",
+ "panel": "dedicated"
+ }
+ },
 {
 "label": "Build & Push: postfix",
 "type": "shell",
diff --git a/playbooks/ufw/ufw.yml b/playbooks/ufw/ufw.yml
new file mode 100644
index 0000000..244c592
--- /dev/null
+++ b/playbooks/ufw/ufw.yml
@@ -0,0 +1,34 @@
+- name: Nginx
+ hosts: pi
+ become: true
+ tasks:
+ - name: Install ufw
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+
+ - name: Allow SSH
+ community.general.ufw:
+ rule: allow
+ name: OpenSSH
+
+ - name: UFW - Allow HTTP connections
+ community.general.ufw:
+ rule: allow
+ port: "80"
+ proto: tcp
+
+ - name: UFW - Allow HTTPS connections
+ community.general.ufw:
+ rule: allow
+ port: "443"
+ proto: tcp
+
+ - name: UFW - Enable and deny by default
+ community.general.ufw:
+ state: enabled
+ default: deny
+
+ - name: UFW - Reload firewall
+ changed_when: true
+ ansible.builtin.command: ufw reload
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..72fe72d
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,2 @@
+collections:
+ - name: community.general
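Review bot: The new `Deploy: ufw` task in `.vscode/tasks.json` runs `make deploy-ufw`, but the diffstat lists only tasks.json, ufw.yml and requirements.yml, so this commit adds no Makefile target. Unless `deploy-ufw` already exists, the task fails when run. The commit also introduces `requirements.yml`, so it is worth confirming that the target installs the collection before running the playbook; a fresh checkout otherwise lacks `community.general.ufw`. The surrounding task array starts and ends outside the hunk.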
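Review bot: In `playbooks/ufw/ufw.yml` the `Allow SSH` task opens OpenSSH to every source with `rule: allow`; if the Pi is reachable from untrusted networks, `rule: limit` keeps the same access while ufw rate-limits repeated connection attempts. The `UFW - Enable and deny by default` task leaves the policy direction implicit, and adding `direction: incoming` states the intent and guards against a changed default. The closing `UFW - Reload firewall` task duplicates what `state: enabled` already does, and `changed_when: true` makes every run report a change; drop it, or use `community.general.ufw` with `state: reloaded` from a handler. The play is also named `Nginx` although it only manages the firewall, so something like `- name: UFW firewall` would keep run logs and audits unambiguous.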
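Review bot: In `requirements.yml`, `community.general` is listed without a `version:` constraint, so each install from this file pulls whichever release is current at that moment. This collection's `ufw` module now manages the host firewall, so an unreviewed upstream change could alter how the rules are applied. Pin it by adding `version: "<tested release>"` (placeholder) under the entry, so the module changes only when the pin is bumped deliberately.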