deployment/ansible/roles/networking/tasks/main.yml

- name: Install fail2ban & ufw.
  apt:
    name:
      - fail2ban
      - ufw
    state: present

# TODO add proper fail2ban config

- name: Ensure fail2ban is started & enabled.
  service:
    name: fail2ban
    state: started
    enabled: true

- name: Ensure ufw is started & enabled.
  service:
    name: fail2ban
    state: started
    enabled: true

- name: Allow SSH connections.
  community.general.ufw:
    rule: allow
    port: 2222

- name: Open necessary ports for Docker swarm communication.
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - 2377  # cluster management communications
    - 7946  # communication among nodes
    - 4789  # overlay network traffic
    - 9001  # Portainer communication

# - name: Open up ports for proper IPv6 service communication
#   community.general.ufw:
#     rule: allow
#     port: "{{ item }}"
#   loop:
#     - 80  # HTTP
#     - 443  # HTTPS
#     - 8000 # Portainer edge communication

- name: Block everything else by default & enable firewall.
  community.general.ufw:
    default: deny
    state: enabled
Added ufw config 2021-12-12 16:36:49 +01:00			`- name: Install fail2ban & ufw.`
first part of config 2021-12-11 16:28:17 +01:00			`apt:`
Added ufw config 2021-12-12 16:36:49 +01:00			`name:`
			`- fail2ban`
			`- ufw`
first part of config 2021-12-11 16:28:17 +01:00			`state: present`

			`# TODO add proper fail2ban config`

			`- name: Ensure fail2ban is started & enabled.`
			`service:`
			`name: fail2ban`
			`state: started`
			`enabled: true`

Added ufw config 2021-12-12 16:36:49 +01:00			`- name: Ensure ufw is started & enabled.`
			`service:`
			`name: fail2ban`
			`state: started`
			`enabled: true`

			`- name: Allow SSH connections.`
			`community.general.ufw:`
			`rule: allow`
			`port: 2222`

Fixed some swarm-related bugs 2021-12-12 22:34:38 +01:00			`- name: Open necessary ports for Docker swarm communication.`
			`community.general.ufw:`
			`rule: allow`
			`port: "{{ item }}"`
			`loop:`
			`- 2377 # cluster management communications`
			`- 7946 # communication among nodes`
			`- 4789 # overlay network traffic`
Added another port 2021-12-12 23:39:06 +01:00			`- 9001 # Portainer communication`
Fixed some swarm-related bugs 2021-12-12 22:34:38 +01:00
Tried adding proper IPv6 support 2021-12-16 10:18:17 +01:00			`# - name: Open up ports for proper IPv6 service communication`
			`# community.general.ufw:`
			`# rule: allow`
			`# port: "{{ item }}"`
			`# loop:`
			`# - 80 # HTTP`
			`# - 443 # HTTPS`
			`# - 8000 # Portainer edge communication`

Added ufw config 2021-12-12 16:36:49 +01:00			`- name: Block everything else by default & enable firewall.`
			`community.general.ufw:`
			`default: deny`
			`state: enabled`