feat: add firewall rules for nginx and wireguard

playbooks/main.yml

@@ -7,3 +7,4 @@
     - common
     - podman # Ensure podman is configured before network
     - network
+    - wireguard

playbooks/roles/network/handlers/main.yml

@@ -1,5 +1,5 @@
----
+- name: Reload firewalld
-- name: Restart Nginx
+  ansible.builtin.systemd:
-  ansible.builtin.shell:
+    name: firewalld
-    cmd: podman restart {{ nginx_proxy_manager_container_name }}
+    state: reloaded
   become: true

playbooks/roles/network/tasks/main.yml

@@ -5,4 +5,16 @@
     owner: root
     group: root
     mode: '0644'
-  become: true
+  become: true
+
+- name: Open firewall ports for web traffic
+  ansible.posix.firewalld:
+    port: "{{ item }}"
+    permanent: true
+    state: enabled
+    zone: public
+  loop:
+    - 80/tcp
+    - 443/tcp
+  notify: Reload firewalld
+  become: true

playbooks/roles/wireguard/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: Reload firewalld
+  ansible.builtin.systemd:
+    name: firewalld
+    state: reloaded
+  become: true

playbooks/roles/wireguard/tasks/main.yml

@@ -0,0 +1,8 @@
+- name: Open firewall port for Wireguard
+  ansible.posix.firewalld:
+    port: 51820/udp
+    permanent: true
+    state: enabled
+    zone: public
+  notify: Reload firewalld
+  become: true