Enable UFW across Ubuntu profiles

2026-05-30 15:39:58 +00:00 · 2026-03-25 21:44:13 +01:00
parent b75f52539e
commit fc67ba7d18
4 changed files with 27 additions and 0 deletions
--- a/ansible/inventory/group_vars/server.yml
+++ b/ansible/inventory/group_vars/server.yml
@@ -15,3 +15,7 @@ server_dotfiles:
  - src: duckdns/
    dest: duckdns/
    mode: preserve
+
+server_ufw_rules:
+  - rule: allow
+    name: OpenSSH
--- a/ansible/inventory/group_vars/ubuntu.yml
+++ b/ansible/inventory/group_vars/ubuntu.yml
@@ -1,6 +1,7 @@
 ---
 ubuntu_packages_base:
  - curl
+  - ufw
  - htop
  - fastfetch
  - build-essential
@@ -18,4 +19,5 @@ ubuntu_docker_packages:
  - docker-compose-plugin

 enabled_services:
+  - ufw
  - docker
--- a/ansible/roles/profile_server/tasks/main.yml
+++ b/ansible/roles/profile_server/tasks/main.yml
@@ -11,3 +11,19 @@
  loop: "{{ server_dotfiles | default([]) }}"
  loop_control:
    label: "{{ item.dest }}"
+
+- name: Apply server UFW rules
+  tags: [services, packages]
+  community.general.ufw:
+    rule: "{{ item.rule }}"
+    name: "{{ item.name | default(omit) }}"
+    port: "{{ item.port | default(omit) }}"
+    proto: "{{ item.proto | default(omit) }}"
+  loop: "{{ server_ufw_rules | default([]) }}"
+  loop_control:
+    label: "{{ item.name | default(item.port) }}"
+
+- name: Enable UFW firewall on server
+  tags: [services, packages]
+  community.general.ufw:
+    state: enabled
--- a/ansible/roles/profile_workstation_gnome/tasks/main.yml
+++ b/ansible/roles/profile_workstation_gnome/tasks/main.yml
@@ -251,3 +251,8 @@
  environment: "{{ workstation_gnome_environment }}"
  changed_when: workstation_gnome_extensions_state_changed
  when: workstation_gnome_extensions_state_changed
+
+- name: Enable UFW firewall on workstation
+  tags: [services, packages]
+  community.general.ufw:
+    state: enabled