fix: retry to apply fw rules

2025-12-09 00:28:16 +01:00 · 2025-12-09 00:28:16 +01:00 · 9b08cf95eb
commit 9b08cf95eb
parent 1e7f05a29e
8 changed files with 37 additions and 0 deletions
--- a/roles/nfs-server/tasks/main.yml
+++ b/roles/nfs-server/tasks/main.yml
@ -37,3 +37,7 @@
    direction: in
    comment: "Network File System (NFS)"
  with_items: "{{ nfs_server_firewall_allowed_sources | default([]) }}"
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -53,6 +53,10 @@
    port: "80"
    proto: tcp
    comment: Nginx HTTP
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
 - name: Allow HTTPS traffic through firewall
  community.general.ufw:
@ -60,6 +64,10 @@
    port: "443"
    proto: tcp
    comment: Nginx HTTPS
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
 - name: Enable and start nginx service
  ansible.builtin.systemd:
--- a/roles/ntpd/tasks/main.yml
+++ b/roles/ntpd/tasks/main.yml
@ -47,3 +47,7 @@
    direction: in
    comment: "NTP traffic"
  loop: "{{ ntp_firewall_allowed_sources | default([]) }}"
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
--- a/roles/podman/tasks/main.yml
+++ b/roles/podman/tasks/main.yml
@ -7,6 +7,11 @@
      - crun
    state: present
 - name: Enable Podman service
  ansible.builtin.systemd:
    name: podman.service
    enabled: true
 - name: Create projects directory
  ansible.builtin.file:
    path: "{{ podman_projects_dir }}"
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@ -66,6 +66,10 @@
    direction: in
    comment: "PostgreSQL"
  loop: "{{ postgres_firewall_allowed_sources }}"
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
 - name: Enable and start PostgreSQL service
  ansible.builtin.systemd:
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@ -154,3 +154,7 @@
    src: "{{ item }}"
    direction: in
  loop: "{{ unbound_firewall_allowed_sources | default([]) }}"
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
--- a/roles/valkey/tasks/main.yml
+++ b/roles/valkey/tasks/main.yml
@ -56,3 +56,7 @@
    direction: in
    comment: "Valkey"
  loop: "{{ valkey_firewall_allowed_sources }}"
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@ -53,6 +53,10 @@
    proto: udp
    direction: in
    comment: Wireguard VPN
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded
 - name: Start and enable service
  ansible.builtin.service: