pi-ansible/roles/os_config/tasks/firewall.yml

# vim: ft=yaml.ansible
---
- name: Allow necessary ports in UFW
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto | default('tcp') }}"
  loop:
    - port: '22'     # SSH
    - port: '53'     # Pi-hole
      proto: tcp
    - port: '53'     # Pi-hole
      proto: udp
    - port: '80'     # HTTP
    - port: '81'     # Pi-hole
    - port: '443'    # HTTPS
    - port: '18080'  # monerod P2P
    - port: '18089'  # monerod RPC
    - port: '51820'  # Wireguard
      proto: udp

- name: Enable UFW
  community.general.ufw:
    state: enabled
    policy: deny
Add os_config role 2022-12-22 19:18:27 +00:00			`# vim: ft=yaml.ansible`
			`---`
			`- name: Allow necessary ports in UFW`
Linting 2023-03-22 18:31:21 +00:00			`community.general.ufw:`
Add os_config role 2022-12-22 19:18:27 +00:00			`rule: allow`
			`port: "{{ item.port }}"`
			`proto: "{{ item.proto \| default('tcp') }}"`
			`loop:`
Remove unneeded quotes 2023-01-03 21:30:22 +00:00			`- port: '22' # SSH`
Add Pi-hole 2023-05-28 15:58:12 +00:00			`- port: '53' # Pi-hole`
			`proto: tcp`
			`- port: '53' # Pi-hole`
			`proto: udp`
Remove unneeded quotes 2023-01-03 21:30:22 +00:00			`- port: '80' # HTTP`
Add Pi-hole 2023-05-28 15:58:12 +00:00			`- port: '81' # Pi-hole`
Remove unneeded quotes 2023-01-03 21:30:22 +00:00			`- port: '443' # HTTPS`
			`- port: '18080' # monerod P2P`
			`- port: '18089' # monerod RPC`
			`- port: '51820' # Wireguard`
Add os_config role 2022-12-22 19:18:27 +00:00			`proto: udp`

			`- name: Enable UFW`
Linting 2023-03-22 18:31:21 +00:00			`community.general.ufw:`
Add os_config role 2022-12-22 19:18:27 +00:00			`state: enabled`
			`policy: deny`