44 lines
722 B
YAML
44 lines
722 B
YAML
- name: Install Debian packages
|
|
become: yes
|
|
ansible.builtin.apt:
|
|
name:
|
|
- docker-ce
|
|
- docker-compose-plugin
|
|
- ufw
|
|
state: latest
|
|
|
|
- name: Upgrade Debian packages
|
|
become: yes
|
|
ansible.builtin.apt:
|
|
upgrade: dist
|
|
update_cache: yes
|
|
cache_valid_time: 3600
|
|
autoremove: yes
|
|
state: latest
|
|
register: apt_upgrades
|
|
|
|
- name: Allow SSH
|
|
become: yes
|
|
ufw:
|
|
rule: allow
|
|
name: OpenSSH
|
|
|
|
- name: Allow Web
|
|
become: yes
|
|
ufw:
|
|
rule: allow
|
|
name: WWW Full
|
|
|
|
- name: Enable Firewall
|
|
become: yes
|
|
ufw:
|
|
state: enabled
|
|
policy: reject
|
|
direction: incoming
|
|
logging: on
|
|
|
|
- name: Reboot if needed
|
|
become: yes
|
|
ansible.builtin.reboot:
|
|
when: apt_upgrades.changed
|