# Make sure the ufw package is installed before the firewall tasks below run.
- name: Install ufw
  ansible.builtin.apt:
    # Refresh the apt package index before resolving the package.
    update_cache: true
    pkg:
      - ufw
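# Switch ufw on and set its default policy to deny.
# The task was previously labelled "Allow everything and enable UFW", which
# contradicted `policy: deny`; the label now matches what the task applies.
# No `direction` is passed, so the policy goes to whichever direction the
# module/ufw treats as default (incoming for `ufw default`) - confirm against
# the collection version in use.
# NOTE(review): the firewall is enabled here, before the allow rules for the
# SSH port are added by the following task. If the play stops between the two
# tasks, new SSH connections to the host may be refused. Adding the SSH allow
# rule before enabling ufw avoids that window.
- name: Enable UFW with a default deny policy
  community.general.ufw:
    state: enabled
    policy: deny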
# Add one ufw allow rule for every entry in the loop below.
# NOTE(review): no `proto` is set, so each rule is expected to match both TCP
# and UDP on that port. If a service needs only one protocol, setting `proto`
# per port would narrow the exposure - confirm what each service requires.
- name: Allow ports
  community.general.ufw:
    rule: allow
    # Every loop item goes through Jinja's int filter before reaching the
    # module. The filter returns 0 for a value it cannot convert, so a
    # malformed variable would not fail here - verify the inputs upstream.
    port: "{{ item | int }}"
  loop:
    # Ports supplied by variables defined outside this file.
    - "{{ secret_ssh_port }}"
    - "{{ wireguard.port }}"
    # Fixed ports. The names are the conventional assignments; the services
    # actually listening are not visible from this file.
    - 110  # POP3
    - 143  # IMAP
    - 22  # host port published by the Endlessh container task in this file
    - 25  # SMTP
    - 443  # HTTPS
    - 465  # SMTP over TLS
    - 587  # mail submission
    - 80  # HTTP
    - 993  # IMAP over TLS
    - 995  # POP3 over TLS
# Run the Endlessh container and publish its port 2222 on host port 22.
- name: Endlessh
  community.docker.docker_container:
    name: endlessh
    # NOTE(review): the image reference carries no tag or digest, and `pull`
    # is enabled, so a run can pick up a different image than the last one.
    # Pinning to lscr.io/linuxserver/endlessh:<TAG> or @sha256:<DIGEST>
    # (placeholders - take the real value from the registry) makes the
    # deployed image reviewable and reproducible.
    image: lscr.io/linuxserver/endlessh
    pull: true
    # The container is recreated on every run, so this task always reports a
    # change.
    recreate: true
    restart_policy: unless-stopped
    env:
      # UID/GID of the first entry in `users` and the timezone come from
      # variables defined outside this file.
      PUID: "{{ users.0.uid }}"
      PGID: "{{ users.0.gid }}"
      TZ: "{{ ntp_timezone }}"
    ports:
      # Quoted so the mapping stays a string (YAML 1.1 would otherwise read
      # digit:digit values as a base-60 integer). No host address is given,
      # so the port is bound on all host interfaces.
      # NOTE(review): Docker installs its own packet-filter rules for
      # published ports, and these are generally not governed by ufw rules,
      # so the ufw policy in this file may not control access to this port -
      # verify on the target host.
      - "22:2222"
    tmpfs:
      # /config is an in-memory mount; anything written there is not
      # persisted.
      - /config