From 443b21c1cedfad7ba5fe4fac83dd9f638ab1fe4c Mon Sep 17 00:00:00 2001
From: Stefan Le Breton
Date: Mon, 10 Mar 2025 22:39:48 +0100
Subject: [PATCH] open some ports
---
 deploy.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/deploy.yml b/deploy.yml
index 2b44d10..0420a08 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -43,3 +43,33 @@
 tags:
 - ufw
+ - name: open ports
+ community.general.ufw:
+ rule: allow
+ proto: "{{ item[1] }}"
+ port: "{{ item[0] }}"
+ route: "{{ item[2] | default(omit) }}"
+ loop:
+ - [ 80, 'tcp', true ] # traefik
+ - [ 443, 'tcp', true ] # traefik
+ - [ 25, 'tcp', true ] # smtp ntfy
+ - [ 51820, 'udp', true ] # wireguard
+ - [ 53, 'udp', true ] # technitium, dns
+ - [ 53, 'tcp', true ] # technitium, dns
+ # - [ 1935, 'udp', true ] # owncast
+ # - [ 1935, 'tcp', true ] # owncast
+ - [ 2222, 'tcp', true ] # forgejo
+ - [ 22, 'tcp', true ] # forgejo
+ tags:
+ - ufw
+
+
+ - name: open all for own hosts
+ community.general.ufw:
+ rule: allow
+ from: "{{ item }}"
+ loop:
+ - 37.27.176.103 # muh.anyops.de
+ # - 10.201.201.2 # wireguard
+ tags:
+ - ufw
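Review bot: The `open all for own hosts` task allows every port and protocol from 37.27.176.103, because the rule sets `from:` but neither `port:` nor `proto:`. A rule that trusts a source address alone is only as strong as that address, so it should be narrowed with `port:` and `proto:` to the services that host actually needs, and the address moved into a variable. In `open ports` every active loop entry passes `true` as its third element, so all rules are created with `route: true` (forwarded traffic only) and the `default(omit)` fallback never applies. If any of these services, the port 22 entry in particular, is meant to be reached on the host itself, it needs an entry without the third element. Ports 53 and 25 are opened to any source, which presumably relies on the resolver refusing outside recursion and the SMTP listener not relaying; a comment such as `# public: recursion restricted in technitium config` next to those entries would record that assumption.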