Added ufw config

roles/net-security/tasks/main.yml

@@ -1,6 +1,8 @@
-- name: Install fail2ban.
+- name: Install fail2ban & ufw.
   apt:
-    name: fail2ban
+    name:
+      - fail2ban
+      - ufw
     state: present
 
 # TODO add proper fail2ban config
@@ -11,4 +13,18 @@
     state: started
     enabled: true
 
-# TODO install UFW
+- name: Ensure ufw is started & enabled.
+  service:
+    name: fail2ban
+    state: started
+    enabled: true
+
+- name: Allow SSH connections.
+  community.general.ufw:
+    rule: allow
+    port: 2222
+
+- name: Block everything else by default & enable firewall.
+  community.general.ufw:
+    default: deny
+    state: enabled

roles/traefik-deploy/templates/traefik.yml.j2

@@ -10,9 +10,6 @@ entryPoints:
   websecure:
     address: ":443"
 
-api:
-  insecure: true
-
 providers:
   docker:
     swarmMode: true