diff --git a/playbooks/main.yml b/playbooks/main.yml
index b0124f9..db4ec69 100644
--- a/playbooks/main.yml
+++ b/playbooks/main.yml
@@ -7,3 +7,4 @@
 - common
 - podman # Ensure podman is configured before network
 - network
+ - wireguard
diff --git a/playbooks/roles/network/handlers/main.yml b/playbooks/roles/network/handlers/main.yml
index 9509da4..4b663e7 100644
--- a/playbooks/roles/network/handlers/main.yml
+++ b/playbooks/roles/network/handlers/main.yml
@@ -1,5 +1,5 @@
----
-- name: Restart Nginx
- ansible.builtin.shell:
- cmd: podman restart {{ nginx_proxy_manager_container_name }}
+- name: Reload firewalld
+ ansible.builtin.systemd:
+ name: firewalld
+ state: reloaded
 become: true
diff --git a/playbooks/roles/network/tasks/main.yml b/playbooks/roles/network/tasks/main.yml
index edeb574..bdda958 100644
--- a/playbooks/roles/network/tasks/main.yml
+++ b/playbooks/roles/network/tasks/main.yml
@@ -5,4 +5,16 @@
 owner: root
 group: root
 mode: '0644'
- become: true
\ No newline at end of file
+ become: true
+
+- name: Open firewall ports for web traffic
+ ansible.posix.firewalld:
+ port: "{{ item }}"
+ permanent: true
+ state: enabled
+ zone: public
+ loop:
+ - 80/tcp
+ - 443/tcp
+ notify: Reload firewalld
+ become: true
diff --git a/playbooks/roles/wireguard/handlers/main.yml b/playbooks/roles/wireguard/handlers/main.yml
new file mode 100644
index 0000000..1a657f5
--- /dev/null
+++ b/playbooks/roles/wireguard/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Reload firewalld
+ ansible.builtin.systemd:
+ name: firewalld
+ state: reloaded
+ become: true
\ No newline at end of file
diff --git a/playbooks/roles/wireguard/tasks/main.yml b/playbooks/roles/wireguard/tasks/main.yml
new file mode 100644
index 0000000..708a3db
--- /dev/null
+++ b/playbooks/roles/wireguard/tasks/main.yml
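Review bot: The `Restart Nginx` handler is removed outright rather than kept alongside the new one, so any task elsewhere in the network role that still has `notify: Restart Nginx` will make the play fail at parse time with a handler-not-found error; I cannot see the role's other task files from this hunk, so please confirm none notify it. The hunk also drops the `---` document-start marker that the old file had, which is the Ansible convention and what yamllint's `document-start` rule expects; I would keep the first line as `---`. Note that `state: reloaded` on firewalld reloads the permanent configuration and discards runtime-only rules, which matters for the tasks in this commit that notify it (see the network tasks hunk).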
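Review bot: The new `Open firewall ports for web traffic` task sets only `permanent: true`, so the running firewall is untouched until the notified handler does a full firewalld reload at the end of the play, and a reload flushes every runtime-only rule on the host. Since the play orders podman before network (per the comment in main.yml), that flush may also remove rules the container network backend inserted at runtime, which on some podman/netavark versions leaves running containers without connectivity until their networks are reloaded; I cannot confirm the backend from this diff, so treat that as a risk to verify. The safer form is to let the module apply the change to both runtime and permanent config itself, `permanent: true` plus `immediate: true`, which removes the need for `notify: Reload firewalld` and the reload handler entirely. Two smaller points: `zone: public` is hard-coded and only exposes the ports if the external interface is actually bound to that zone, so either verify that or make the zone a role variable, and `service: http` / `service: https` would document intent better than raw port numbers.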
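Review bot: This handler is a byte-for-byte duplicate of the one the same commit adds to the network role, under the same name; Ansible tracks handlers play-wide by name, so `notify: Reload firewalld` from either role reaches a single definition and only one copy is ever needed, while two copies will silently drift apart when one is edited. Either keep one definition (a shared role, or a play-level `handlers:` block) or avoid the handler altogether by using `immediate: true` on the firewalld tasks so the module applies the runtime change itself. Please also add `---` as the first line and end the file with a newline, as the `\ No newline at end of file` marker shows it currently does not.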
@@ -0,0 +1,8 @@
+- name: Open firewall port for Wireguard
+ ansible.posix.firewalld:
+ port: 51820/udp
+ permanent: true
+ state: enabled
+ zone: public
+ notify: Reload firewalld
+ become: true
\ No newline at end of file
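Review bot: The only task in the new wireguard role opens 51820/udp on the public zone; nothing in this file installs WireGuard, creates the interface, or manages keys, so unless that is done elsewhere (I cannot tell from the diff) the role as committed is just a standing firewall hole with no listener behind it. WireGuard itself does not answer unauthenticated packets, so the exposure is low risk, but the port here must match the interface's `ListenPort`, which is the case for a single shared variable rather than a literal: `port: "{{ wireguard_port }}/udp"` with `wireguard_port: 51820` in the role's `defaults/main.yml`. As with the network role, add `immediate: true` next to `permanent: true` so the rule takes effect without a full firewalld reload, and end the file with a newline.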