pi-ansible/roles/os_config/tasks/ufw.yml

# vim: ft=yaml.ansible
---
- name: Allow necessary ports in UFW
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto | default('tcp') }}"
  loop:
    - port: 22     # SSH
    - port: 80     # HTTP
    - port: 443    # HTTPS
    - port: 18080  # monerod P2P
    - port: 18089  # monerod RPC
    - port: 51820  # Wireguard
      proto: udp

- name: Enable UFW
  community.general.ufw: 
    state: enabled
    policy: deny
Add os_config role 2022-12-22 19:18:27 +00:00			`# vim: ft=yaml.ansible`
			`---`
			`- name: Allow necessary ports in UFW`
			`community.general.ufw:`
			`rule: allow`
			`port: "{{ item.port }}"`
			`proto: "{{ item.proto \| default('tcp') }}"`
			`loop:`
			`- port: 22 # SSH`
			`- port: 80 # HTTP`
			`- port: 443 # HTTPS`
			`- port: 18080 # monerod P2P`
			`- port: 18089 # monerod RPC`
			`- port: 51820 # Wireguard`
			`proto: udp`

			`- name: Enable UFW`
			`community.general.ufw:`
			`state: enabled`
			`policy: deny`