- name: Generate Podman Compose file for Wireguard and Nginx
  template:
    src: podman-compose.j2
    dest: /opt/network/podman-compose.yml
    owner: root
    group: root
    mode: '0644'
  become: true

- name: Allow Nginx HTTP port
  ansible.posix.firewalld:
    port: 80/tcp
    permanent: true
    state: enabled
    immediate: true
  become: true

- name: Allow Nginx HTTPS port
  ansible.posix.firewalld:
    port: 443/tcp
    permanent: true
    state: enabled
    immediate: true
  become: true

- name: Allow Wireguard port
  ansible.posix.firewalld:
    port: 51820/udp
    permanent: true
    state: enabled
    immediate: true
  become: true