Define open ports in global variable file

2023-07-22 16:15:04 +02:00 · 2023-07-22 16:15:04 +02:00 · cdae01a6eb
parent f399d9c1ca
commit cdae01a6eb
2 changed files with 11 additions and 9 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -21,3 +21,11 @@ users:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBN7XhL364LZ4rnEnmpV59Qehw3ldqEb7XX5DWTAb/XH cicd
      - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
+
+open_ports:
+  - { port: '22', proto: 'tcp', comment: 'SSH' }
+  - { port: '80', proto: 'tcp', comment: 'HTTP' }
+  - { port: '443', proto: 'tcp', comment: 'HTTPS' }
+  - { port: '5223', proto: 'tcp', comment: 'SMP server' }
+  - { port: '5443', proto: 'tcp', comment: 'XFTP server' }
+  - { port: '10000', proto: 'udp', comment: 'Jitsi Videobridge' }
--- a/roles/os_config/tasks/firewall.yml
+++ b/roles/os_config/tasks/firewall.yml
@ -4,15 +4,9 @@
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
-    proto: "{{ item.proto | default('tcp') }}"
-  loop:
-    - port: '22'    # SSH
-    - port: '80'    # HTTP
-    - port: '443'   # HTTPS
-    - port: '5223'  # SMP server
-    - port: '5443'  # XFTP server
-    - port: '10000' # Jitsi Videobridge
-      proto: udp
+    proto: "{{ item.proto }}"
+    comment: "{{ item.comment }}"
+  loop: "{{ open_ports }}"

 - name: Enable UFW
  community.general.ufw: