---
- name: Setup firewall with UFW
  community.general.ufw: 
    state: enabled
    policy: deny
- name: Allow necessary ports
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - 22     # Gitea SSH
    - 80     # HTTP
    - 443    # HTTPS
    - 389    # OpenLDAP
    - 636    # OpenLDAP
    - 25     # Email
    - 465    # Email
    - 587    # Email
    - 993    # Email
    - 19022  # SSH