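---
# Host firewall baseline: default-deny inbound, with an explicit allow-list.
#
# The allow rules are applied BEFORE UFW is enabled, so a first run over SSH
# does not depend on the management session surviving the switch to
# default-deny.

- name: Allow necessary ports
  community.general.ufw:
    rule: allow
    # The loop variable is renamed by loop_control below, so `item` is
    # undefined here; the templates must reference ubuntu_base_port.
    port: "{{ ubuntu_base_port.port }}"
    proto: "{{ ubuntu_base_port.proto | default('tcp') }}"
  loop:
    - port: 22  # Gitea SSH
    - port: 80  # HTTP
    - port: 443  # HTTPS
    # NOTE(review): 389 is LDAP without implicit TLS. These rules allow any
    # source address; if only internal hosts bind to the directory, consider
    # scoping 389/636 with the module's from_ip option.
    - port: 389  # OpenLDAP
    - port: 636  # OpenLDAP
    - port: 25  # Email
    - port: 465  # Email
    - port: 587  # Email
    - port: 993  # Email
    - port: 19022  # SSH
  loop_control:
    loop_var: ubuntu_base_port

- name: Setup firewall with UFW
  community.general.ufw:
    state: enabled
    # With no direction given, the policy applies to incoming traffic;
    # it is stated explicitly so the intent is visible in review.
    policy: deny
    direction: incoming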