add ufw rules
BiRabittoh andronacomarco@gmail.com
Thu, 04 Apr 2024 10:08:23 +0200
2 files changed,
22 insertions(+),
1 deletions(-)
M
group_vars/all/vars.yml
→
group_vars/all/vars.yml
@@ -5,5 +5,6 @@ - firefox
 - tmux
 - git
 - linux-lts
+ - ufw
 username: "{{ ansible_user }}"
M
tasks/essential.yml
→
tasks/essential.yml
@@ -76,4 +76,24 @@
 - name: Write grub to MBR
 command: grub-install /dev/vda1
 when: grub_config.stat.exists == False
-
+
+- name: Enable and start ufw service
+ ansible.builtin.service:
+ name: "ufw"
+ enabled: yes
+ state: started
+
+- name: Allow SSH traffic
+ ufw:
+ rule: allow
+ name: SSH
+
+- name: Allow web traffic
+ ufw:
+ rule: allow
+ name: WWW Full
+
+- name: Deny everything else and enable UFW
+ ufw:
+ state: enabled
+ policy: deny
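Review bot: The `Allow web traffic` task opens the `WWW Full` profile unconditionally, so every host that runs tasks/essential.yml accepts HTTP and HTTPS from any source whether or not it serves web traffic; a `when:` condition limited to hosts that actually do would keep the default-deny policy meaningful. The SSH task could use `rule: limit` instead of `rule: allow` so that ufw rate-limits repeated connection attempts. In the last task `policy: deny` carries no `direction`, so the scope of "deny everything else" is left to ufw's default; adding `direction: incoming` states it explicitly. The three `ufw:` tasks use the short module name while the first new task uses `ansible.builtin.service`; `community.general.ufw:` would be consistent, as would `enabled: true` in place of `enabled: yes`.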