# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

---
- name: Install and enable firewall
  hosts: all
  remote_user: atm
  pre_tasks:
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:

  tasks:
    - name: Update all packages
      become: true
      ansible.builtin.apt:
        update_cache: true
        upgrade: safe

    - name: Install git, zip, nginx, wget, curl & other utils
      become: true
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - git
          - wget
          - curl
          - gpg
          - ca-certificates
          - ntp
          - zip
          - python3-pip
          - virtualenv
          - ufw
          - python3-setuptools


    - name: Set logging
      become: true
      community.general.ufw:
        logging: "on"

    - name: Allow port 22 and enable UFW
      become: true
      community.general.ufw:
        state: enabled
        rule: allow
        proto: tcp
        port: "22"


    - name: Enable and start ufw service
      become: true
      ansible.builtin.service:
        name: ufw
        enabled: true
        state: started

    - name: Enable and start ufw service
      become: true
      ansible.builtin.service:
        name: ntp
        enabled: true
        state: started