snackpot.yml - set up networking on server

roles/root_sudoers/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# Enables a sudoer group
+# (Debianoid specific)
+
+root_sudoers_group: sudo

roles/root_sudoers/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Install sudo on debian
+  apt:
+    name: sudo
+    update_cache: yes
+    
+- name: configure sudo to allow root access for {{root_sudoers_group}} members
+  template:
+    dest: '/etc/sudoers.d/allow-sudoing'
+    src: 'sudoers.d/allow-sudoing.j2'
+    owner: root
+    group: root
+    mode: 0440
+    backup: no
+

roles/root_sudoers/templates/sudoers.d/allow-sudoing.j2

@@ -0,0 +1,2 @@
+## Allows people in this group to run all commands
+%{{ root_sudoers_group }}  ALL=(ALL)       ALL

roles/ufw/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+
+# A list of ports to allow incomming connections on
+ufw_allow_in: [22]

roles/ufw/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- name: install base packages
+  apt:
+    name: ufw
+    state: present
+    update_cache: true
+
+- name: deny all incoming traffic
+  ufw:
+    policy: deny
+    direction: incoming
+
+- name: allow all outgoing traffic
+  ufw:
+    policy: allow
+    direction: outgoing
+
+- name: allow incoming traffic for ssh and web server
+  ufw:
+    rule: allow
+    direction: in
+    to_port: "{{ item }}"
+    proto: tcp
+  with_items: "{{ ufw_allow_in }}"
+
+- name: enable ufw
+  ufw:
+    state: enabled