jokester/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

doc: add more ufw comments

Browse Source
This commit is contained in:
Clément Désiles 2025-11-10 23:57:34 +01:00
parent cab15e590e
commit ba37edd498
No known key found for this signature in database
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
roles/fail2ban/tasks/main.yml
View File

@ -52,6 +52,16 @@
daemon_reload: true daemon_reload: true
when: not override_conf.stat.exists when: not override_conf.stat.exists
- name: Enable UFW
community.general.ufw:
state: enabled
- name: Enable UFW service at startup
ansible.builtin.systemd:
name: ufw
enabled: true
state: started
- name: Start and enable fail2ban - name: Start and enable fail2ban
ansible.builtin.service: ansible.builtin.service:
name: fail2ban name: fail2ban

15
roles/wireguard/tasks/main.yml
View File

@ -46,16 +46,17 @@
src: wireguard.conf.j2 src: wireguard.conf.j2
dest: /etc/wireguard/{{ wireguard_interface }}.conf dest: /etc/wireguard/{{ wireguard_interface }}.conf
- name: Start and enable service
ansible.builtin.service:
name: wg-quick@{{ wireguard_interface }}
state: started
enabled: true
daemon_reload: true
- name: Configure the firewall for wireguard - name: Configure the firewall for wireguard
community.general.ufw: community.general.ufw:
rule: allow rule: allow
port: "{{ wireguard_port }}" port: "{{ wireguard_port }}"
proto: udp proto: udp
direction: in direction: in
comment: Wireguard VPN
- name: Start and enable service
ansible.builtin.service:
name: wg-quick@{{ wireguard_interface }}
state: started
enabled: true
daemon_reload: true