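# Installs UFW, deploys the IPv4/IPv6 rule files (generic first, then an
# optional per-host override), sets the default policies, and finally enables
# and reloads the firewall so the deployed rules take effect.

- name: Install UFW
  apt:
    name:
      - ufw
    # `latest` upgrades the package whenever a newer one is available in the
    # configured repositories; use `present` if runs must not change versions.
    state: latest
    install_recommends: false

# ---- Generic rule files -----------------------------------------------------
# Rendered for every host. Owner root:root with mode 0640 keeps the rule set
# unreadable for unprivileged users. The mode is quoted so it is always passed
# as an octal string instead of relying on the YAML parser's integer handling.

- name: Copy user.rules
  template:
    src: "user.rules.j2"
    dest: "/etc/ufw/user.rules"
    owner: root
    group: root
    mode: "0640"

- name: Copy user6.rules
  template:
    src: "user6.rules.j2"
    dest: "/etc/ufw/user6.rules"
    owner: root
    group: root
    mode: "0640"

# ---- Node-specific rule files (optional override) ---------------------------
# These tasks write to the same destinations as the generic ones, so a host
# with its own `<inventory_hostname>.user*.rules.j2` template ends up with that
# file instead of the generic one.
#
# NOTE(review): `ignore_errors: true` together with `no_log: true` hides every
# failure of these tasks, not only "no host-specific template exists". A
# rendering error, a permission problem or a typo in a host-specific rule file
# would leave the generic rules in place with nothing in the run output to show
# it. Consider gating the tasks on the template's existence instead and letting
# real errors fail the play.
# NOTE(review): on hosts that do have an override, the generic task and the
# override task presumably both report "changed" on every run, because each
# rewrites the other's content - confirm, and consider selecting one source
# per destination.

- name: Copy user.rules (node-specific)
  template:
    src: "{{ inventory_hostname }}.user.rules.j2"
    dest: "/etc/ufw/user.rules"
    owner: root
    group: root
    mode: "0640"
  ignore_errors: true
  no_log: true

- name: Copy user6.rules (node-specific)
  template:
    src: "{{ inventory_hostname }}.user6.rules.j2"
    dest: "/etc/ufw/user6.rules"
    owner: root
    group: root
    mode: "0640"
  ignore_errors: true
  no_log: true

# ---- Default policies -------------------------------------------------------
# Deny routed and incoming traffic by default and allow outgoing traffic;
# anything that should be reachable has to be allowed by the rule files above.

- name: UFW default deny routed
  community.general.ufw:
    default: deny
    direction: routed

- name: UFW default deny incoming
  community.general.ufw:
    default: deny
    direction: incoming

- name: UFW default allow outgoing
  community.general.ufw:
    default: allow
    direction: outgoing

# ---- Activation -------------------------------------------------------------
# The firewall is enabled only after the rule files and default policies are in
# place; the reload then makes a firewall that was already running re-read the
# rule files written earlier in this task list.

- name: UFW enable
  community.general.ufw:
    state: enabled

- name: UFW reload
  community.general.ufw:
    state: reloaded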