feat: add ufw rule

plays/pearl.yml

@@ -5,7 +5,7 @@
   roles:
     - 'any.common.python'
     - 'any.common.ssh'
-  tags: [base, first]
+  tags: first
 
 - hosts: pearl
   become: true
@@ -13,7 +13,7 @@
     - 'any.common.debian-repositories'
     - 'any.common.debian-user'
     - 'any.tools.default'
-    - 'any.tools.docker'
+    - 'any.tools.ufw'
     - 'any.tools.restic'
     - 'any.tools.caddy'
   tags: base

roles/any.tools.caddy/tasks/main.yml

@@ -34,3 +34,10 @@
     state: started
     enabled: true
 
+- name: Open HTTP ports in firewall
+  community.general.ufw:
+    port: '{{ item }}'
+    rule: 'allow'
+  loop:
+    - 'http'
+    - 'https'

roles/any.tools.ufw/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+- name: Ensure UFW is installed
+  apt:
+    name: ufw
+    state: present
+
+- name: Set default policy to deny
+  community.general.ufw:
+    default: 'deny'
+
+- name: Allow SSH connections
+  community.general.ufw:
+    port: 2222
+    rule: 'allow'
+
+- name: Ensure UFW is enabled
+  community.general.ufw:
+    state: 'enabled'