- name: Nginx
  hosts: pi
  become: true
  tasks:
    - name: Install ufw
      ansible.builtin.apt:
        name: ufw
        state: present

    - name: Allow SSH
      community.general.ufw:
        rule: allow
        name: OpenSSH

    - name: UFW - Allow HTTP connections
      community.general.ufw:
        rule: allow
        port: "80"
        proto: tcp

    - name: UFW - Allow HTTPS connections
      community.general.ufw:
        rule: allow
        port: "443"
        proto: tcp

    - name: UFW - Enable and deny by default
      community.general.ufw:
        state: enabled
        default: deny

    - name: UFW - Reload firewall
      changed_when: true
      ansible.builtin.command: ufw reload