snackpot.yml - set up networking on server

roles/ufw/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+
+# A list of ports to allow incomming connections on
+ufw_allow_in: [22]

roles/ufw/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- name: install base packages
+  apt:
+    name: ufw
+    state: present
+    update_cache: true
+
+- name: deny all incoming traffic
+  ufw:
+    policy: deny
+    direction: incoming
+
+- name: allow all outgoing traffic
+  ufw:
+    policy: allow
+    direction: outgoing
+
+- name: allow incoming traffic for ssh and web server
+  ufw:
+    rule: allow
+    direction: in
+    to_port: "{{ item }}"
+    proto: tcp
+  with_items: "{{ ufw_allow_in }}"
+
+- name: enable ufw
+  ufw:
+    state: enabled