# vim: ft=yaml.ansible
---
- name: Allow necessary ports in UFW
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto | default('tcp') }}"
  loop:
    - port: '22'     # SSH
    - port: '80'     # HTTP
    - port: '443'    # HTTPS
    - port: '18080'  # monerod P2P
    - port: '18089'  # monerod RPC
    - port: '51820'  # Wireguard
      proto: udp

- name: Enable UFW
  community.general.ufw:
    state: enabled
    policy: deny