vps-set-up-playbook/roles/ufw-opnxng/tasks/main.yaml

- name: Install UFW
  apt:
    name:
      - ufw
    state: latest
    install_recommends: false

# ----------------------------------------------------------------------------------------------------

- name: Copy user.rules
  template:
    src: "user.rules.j2"
    dest: "/etc/ufw/user.rules"
    owner: root
    group: root
    mode: 0640

- name: Copy user6.rules
  template:
    src: "user6.rules.j2"
    dest: "/etc/ufw/user6.rules"
    owner: root
    group: root
    mode: 0640

# ----------------------------------------------------------------------------------------------------

- name: Copy user.rules (node-specific)
  template:
    src: "{{inventory_hostname}}.user.rules.j2"
    dest: "/etc/ufw/user.rules"
    owner: root
    group: root
    mode: 0640
  ignore_errors: true
  no_log: true

- name: Copy user6.rules (node-specific)
  template:
    src: "{{inventory_hostname}}.user6.rules.j2"
    dest: "/etc/ufw/user6.rules"
    owner: root
    group: root
    mode: 0640
  ignore_errors: true
  no_log: true

# ----------------------------------------------------------------------------------------------------

- name: UFW default deny routed
  community.general.ufw:
    default: deny
    direction: routed

- name: UFW default deny incoming
  community.general.ufw:
    default: deny
    direction: incoming

- name: UFW default allow outgoing
  community.general.ufw:
    default: allow
    direction: outgoing

# ----------------------------------------------------------------------------------------------------

- name: UFW enable
  community.general.ufw:
    state: enabled
Added and fixed some roles 2023-11-13 11:47:39 +08:00			`- name: Install UFW`
			`apt:`
			`name:`
			`- ufw`
			`state: latest`
			`install_recommends: false`

			`# ----------------------------------------------------------------------------------------------------`

			`- name: Copy user.rules`
			`template:`
			`src: "user.rules.j2"`
			`dest: "/etc/ufw/user.rules"`
			`owner: root`
			`group: root`
			`mode: 0640`

			`- name: Copy user6.rules`
			`template:`
			`src: "user6.rules.j2"`
			`dest: "/etc/ufw/user6.rules"`
			`owner: root`
			`group: root`
			`mode: 0640`

			`# ----------------------------------------------------------------------------------------------------`

			`- name: Copy user.rules (node-specific)`
			`template:`
			`src: "{{inventory_hostname}}.user.rules.j2"`
			`dest: "/etc/ufw/user.rules"`
			`owner: root`
			`group: root`
			`mode: 0640`
			`ignore_errors: true`
			`no_log: true`

			`- name: Copy user6.rules (node-specific)`
			`template:`
			`src: "{{inventory_hostname}}.user6.rules.j2"`
			`dest: "/etc/ufw/user6.rules"`
			`owner: root`
			`group: root`
			`mode: 0640`
			`ignore_errors: true`
			`no_log: true`

			`# ----------------------------------------------------------------------------------------------------`

			`- name: UFW default deny routed`
			`community.general.ufw:`
			`default: deny`
			`direction: routed`

			`- name: UFW default deny incoming`
			`community.general.ufw:`
			`default: deny`
			`direction: incoming`

			`- name: UFW default allow outgoing`
			`community.general.ufw:`
			`default: allow`
			`direction: outgoing`

			`# ----------------------------------------------------------------------------------------------------`

			`- name: UFW enable`
			`community.general.ufw:`
			`state: enabled`