RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 12:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
pez-infra/ansible/roles/common/handlers/main.yml
Rasmus Wejlgaard 339c08c5c2 Configure UFW firewall rules in common Ansible role 
Add UFW configuration to the common role for Debian hosts:
- Default deny incoming, allow outgoing
- Allow all traffic on tailscale0 interface (mesh comms)
- Allow SSH port 22 as safety net
- Per-host allowed ports via ufw_allowed_ports variable
- Enable UFW after rules are applied

helsinki-a gets ports 80/443 for reverse proxy traffic.
Other Debian hosts only need Tailscale + SSH.

Closes PESO-79
2026-03-29 09:07:42 +00:00

9 lines
153 B
YAML
Raw Blame History

---
- name: Restart sshd
ansible.builtin.service:
name: sshd
state: restarted
- name: Reload ufw
community.general.ufw:
state: reloaded
Reference in a new issue View git blame Copy permalink