From f9d0a7ebf4b8083e4f62d744be54f2c3013f135f Mon Sep 17 00:00:00 2001
From: "Rasmus \"Pez\" Wejlgaard"
Date: Sun, 29 Mar 2026 10:53:54 +0100
Subject: [PATCH] fix: resolve UFW ansible-lint failures and deploy error (#11)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Fix 'interface_or_direction' → 'direction' (required param for ufw module)
- Rename ufw_enabled/ufw_allowed_ports → common_ufw_enabled/common_ufw_allowed_ports (role prefix convention)
- Fix yaml[braces] violations in helsinki-a host_vars
---
 ansible/inventory/host_vars/helsinki-a.yml | 6 +++---
 ansible/roles/common/defaults/main.yml | 10 +++++-----
 ansible/roles/common/tasks/main.yml | 18 +++++++++---------
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/ansible/inventory/host_vars/helsinki-a.yml b/ansible/inventory/host_vars/helsinki-a.yml
index 418aee7..6c9de61 100644
--- a/ansible/inventory/host_vars/helsinki-a.yml
+++ b/ansible/inventory/host_vars/helsinki-a.yml
@@ -10,6 +10,6 @@ docker_services:
   - forgejo
   - bitwarden
 
-ufw_allowed_ports:
-  - { port: 80, proto: tcp, comment: "HTTP" }
-  - { port: 443, proto: tcp, comment: "HTTPS" }
+common_ufw_allowed_ports:
+  - {port: 80, proto: tcp, comment: "HTTP"}
+  - {port: 443, proto: tcp, comment: "HTTPS"}
diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
index 8249b70..a7a9fb7 100644
--- a/ansible/roles/common/defaults/main.yml
+++ b/ansible/roles/common/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # UFW firewall defaults
-# Override ufw_allowed_ports in host_vars for public-facing services.
-ufw_enabled: true
-ufw_allowed_ports: []
-# - { port: 80, proto: tcp, comment: "HTTP" }
-# - { port: 443, proto: tcp, comment: "HTTPS" }
+# Override common_ufw_allowed_ports in host_vars for public-facing services.
+common_ufw_enabled: true
+common_ufw_allowed_ports: []
+# - {port: 80, proto: tcp, comment: "HTTP"}
+# - {port: 443, proto: tcp, comment: "HTTPS"}
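Review bot: The `{port: 80, ...}` and `{port: 443, ...}` entries sit next to a `docker_services` list on the same host, and where those services publish their ports through Docker the UFW allow rules are not what gates exposure: Docker manages its own iptables chains for published ports and bypasses UFW's INPUT rules, so such ports are reachable with or without these entries. A comment next to the list would keep the next reader from treating it as the host's complete inbound policy, e.g. `# NOTE: ports published by Docker bypass UFW; restrict them via the DOCKER-USER chain or by binding to localhost`. Whether forgejo and bitwarden actually publish host ports is not visible in this diff.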
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 9cde5e2..9897495 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -109,7 +109,7 @@
     default: deny
   when:
     - ansible_facts["os_family"] == "Debian"
-    - ufw_enabled | bool
+    - common_ufw_enabled | bool
   notify: Reload ufw
 
 - name: Set UFW default allow outgoing
@@ -118,18 +118,18 @@
     default: allow
   when:
     - ansible_facts["os_family"] == "Debian"
-    - ufw_enabled | bool
+    - common_ufw_enabled | bool
   notify: Reload ufw
 
 - name: Allow all traffic on Tailscale interface
   community.general.ufw:
     rule: allow
-    interface_or_direction: in
+    direction: in
     interface: tailscale0
     comment: "Tailscale mesh - allow all"
   when:
     - ansible_facts["os_family"] == "Debian"
-    - ufw_enabled | bool
+    - common_ufw_enabled | bool
   notify: Reload ufw
 
 - name: Allow SSH (safety net)
@@ -140,7 +140,7 @@
     comment: "SSH"
   when:
     - ansible_facts["os_family"] == "Debian"
-    - ufw_enabled | bool
+    - common_ufw_enabled | bool
   notify: Reload ufw
 
 - name: Allow host-specific ports
@@ -149,11 +149,11 @@
     port: "{{ item.port | string }}"
     proto: "{{ item.proto | default('tcp') }}"
     comment: "{{ item.comment | default(omit) }}"
-  loop: "{{ ufw_allowed_ports }}"
+  loop: "{{ common_ufw_allowed_ports }}"
   when:
     - ansible_facts["os_family"] == "Debian"
-    - ufw_enabled | bool
-    - ufw_allowed_ports | length > 0
+    - common_ufw_enabled | bool
+    - common_ufw_allowed_ports | length > 0
   notify: Reload ufw
 
 - name: Enable UFW
@@ -161,4 +161,4 @@
     state: enabled
   when:
     - ansible_facts["os_family"] == "Debian"
-    - ufw_enabled | bool
+    - common_ufw_enabled | bool
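Review bot: After the rename applied in every hunk of this file, a host that still sets the old `ufw_enabled` or `ufw_allowed_ports` names is silently ignored: the `loop: "{{ common_ufw_allowed_ports }}"` in the `Allow host-specific ports` hunk falls back to the empty default, while `Enable UFW` in the last hunk (`state: enabled`) still runs because `common_ufw_enabled` defaults to true, so UFW would come up with only the SSH and Tailscale rules on such a host. The diff updates only helsinki-a's host_vars; whether other inventory files still use the old names cannot be seen from here. A guard task at the start of the role would turn that into an explicit failure instead of a lost rule set. Each task touched here begins outside its hunk.
```yaml
- name: Fail on legacy UFW variable names
  ansible.builtin.assert:
    that:
      - ufw_enabled is not defined
      - ufw_allowed_ports is not defined
    fail_msg: "Rename ufw_enabled/ufw_allowed_ports to common_ufw_enabled/common_ufw_allowed_ports"
  when: ansible_facts["os_family"] == "Debian"
# … unchanged: existing UFW tasks …
```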