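---
# Host firewall baseline: open the required service ports, then enable UFW
# with a default-deny policy.
#
# The allow rules are applied BEFORE the firewall is enabled. If the play
# enabled a deny-by-default firewall first and then failed or lost its
# connection before the allow task ran, the host would be left with no
# management SSH port open. The end state is the same in either order.

- name: Allow necessary ports
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
  # NOTE(review): every rule below accepts traffic from any source address.
  # If a service (e.g. LDAP on 389/636) is only consumed by specific hosts,
  # consider narrowing it with the module's `from_ip` option; confirm against
  # the deployment's actual clients.
  loop:
    # Gitea SSH
    - port: 22
      proto: "tcp"
    # HTTP
    - port: 80
      proto: "tcp"
    # HTTPS
    - port: 443
      proto: "tcp"
    # OpenLDAP (389 is the standard LDAP port; cleartext unless StartTLS is
    # enforced by the server - verify before exposing it beyond trusted hosts)
    - port: 389
      proto: "tcp"
    # OpenLDAP (636 is the standard LDAP-over-TLS port)
    - port: 636
      proto: "tcp"
    # Email (25 is the standard SMTP port)
    - port: 25
      proto: "tcp"
    # Email (465 is the standard implicit-TLS submission port)
    - port: 465
      proto: "tcp"
    # Email (587 is the standard mail submission port)
    - port: 587
      proto: "tcp"
    # Email (993 is the standard IMAP-over-TLS port)
    - port: 993
      proto: "tcp"
    # SSH (presumably the host's own sshd, moved off 22 so that Gitea can
    # use it; confirm against the sshd configuration)
    - port: 19022
      proto: "tcp"

# Runs last so that the allow rules above are already in place when the
# default policy takes effect. With no `direction` given, ufw applies the
# default policy to incoming traffic.
- name: Setup firewall with UFW
  community.general.ufw:
    state: enabled
    policy: deny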