add firewall rules, fix typo

2025-12-30 18:18:55 -07:00
parent 223a4934be
commit 4fceede3b9
1 changed files with 33 additions and 1 deletions
--- a/ansible/roles/pangolin/tasks/main.yaml
+++ b/ansible/roles/pangolin/tasks/main.yaml
@@ -14,6 +14,38 @@
    state: present
    create_home: yes

+- name: Permanently enable http service (firewalld)
+  ansible.posix.firewalld:
+    service: http
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Permanently enable https service (firewalld)
+  ansible.posix.firewalld:
+    service: https
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Permanently enable wireguard service (firewalld)
+  ansible.posix.firewalld:
+    service: wireguard
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Permit traffic in default zone on port 21820/udp
+  ansible.posix.firewalld:
+    port: 21820/udp
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true
+
 - name: Install epel
  package:
    name: epel-release
@@ -33,7 +65,7 @@
  service:
    name: podman
    state: started
-    enable: true
+    enabled: true

 - name: Create pangolin config and logging directories
  file: