---
- name: Setup firewall with UFW
  community.general.ufw: 
    state: enabled
    policy: deny
- name: Allow necessary ports
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - "22/tcp"     # Gitea SSH
    - "80/tcp"     # HTTP
    - "443/tcp"    # HTTPS
    - "389/tcp"    # OpenLDAP
    - "636/tcp"    # OpenLDAP
    - "25/tcp"     # Email
    - "465/tcp"    # Email
    - "587/tcp"    # Email
    - "993/tcp"    # Email
    - "19022/tcp"  # SSH