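# Host firewall (UFW) plus an endlessh SSH tarpit container on host port 22.
#
# Ordering matters: the allow rules are registered before UFW is enabled, so
# the default deny policy never becomes active while the management port is
# still closed. The previous order (enable first, allow afterwards) could cut
# off the Ansible session if the play stopped between the two tasks.

- name: Install ufw
  ansible.builtin.apt:
    update_cache: true
    pkg:
      - ufw

# ufw accepts rule changes while inactive; they apply once it is enabled.
# No proto is set, so each rule opens the port for both TCP and UDP.
# Narrowing each rule to the protocol its service uses would tighten this.
- name: Allow ports
  community.general.ufw:
    rule: allow
    port: "{{ item | int }}"
  loop:
    # presumably the port the real sshd listens on - confirm in inventory
    - "{{ secret_ssh_port }}"
    - "{{ wireguard.port }}"
    # NOTE(review): 110 and 143 are the cleartext POP3/IMAP ports. Keep them
    # only if the mail service behind them requires STARTTLS before login.
    - 110
    - 143
    # 22 is the host port published by the endlessh container below.
    - 22
    - 25
    - 443
    - 465
    - 587
    - 80
    - 993
    - 995

# Renamed from "Allow everything and enable UFW": the policy set here is
# deny, so anything not allowed above is dropped once this task has run.
- name: Enable UFW with default deny policy
  community.general.ufw:
    state: enabled
    policy: deny

# Tarpit on the default SSH port. Docker installs its own iptables rules for
# published ports, so reachability of host port 22 is decided there rather
# than by the UFW rule for 22 - verify against the host's live rule set.
- name: Endlessh
  community.docker.docker_container:
    name: endlessh
    # NOTE(review): the image has no tag or digest, and pull + recreate are
    # both on, so every run deploys whatever the registry serves at that
    # moment. Pin to a reviewed tag or digest to make deployments repeatable.
    pull: true
    restart_policy: unless-stopped
    recreate: true
    env:
      PUID: "{{ users.0.uid }}"
      PGID: "{{ users.0.gid }}"
      TZ: "{{ ntp_timezone }}"
    image: lscr.io/linuxserver/endlessh
    ports:
      # host 22 -> container 2222
      - "22:2222"
    # /config is backed by tmpfs, so nothing written there survives a
    # container restart or recreate.
    tmpfs:
      - /config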