---
# Host baseline play: installs Docker CE from Docker's apt repository, injects
# the Docker-specific block into ufw's after.rules and opens the firewall for
# the published services.
#
# Earlier smoke-test play, kept commented out:
# - hosts: all
#   tasks:
#     - name: Print message
#       debug:
#         msg: Hello Ansible World

- hosts: all
  become: true
  tasks:
    ## Docker
    #
    # NOTE(review): apt_key places the key in apt's global trusted keyring,
    # where it is accepted for every configured repository, and the module is
    # deprecated together with apt-key. The key is also fetched by URL without
    # a fingerprint check (the module's `id` parameter). Preferred layout: a
    # dedicated keyring file referenced through `signed-by=` in the repo line.
    # When migrating, remove the existing repo entry first; apt rejects two
    # entries for one source with different Signed-By values.
    - name: Add Docker GPG apt Key
      ansible.builtin.apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    # The suite is pinned to jammy while the play targets `hosts: all`.
    # NOTE(review): assumes every host runs Ubuntu 22.04 - confirm.
    - name: Add Docker Repository
      ansible.builtin.apt_repository:
        repo: "deb https://download.docker.com/linux/ubuntu jammy stable"
        state: present

    # `state: latest` upgrades the package whenever the play runs.
    # NOTE(review): a docker-ce upgrade restarts the daemon - confirm that
    # unattended upgrades from this play are intended.
    - name: Update apt and install docker-ce
      ansible.builtin.apt:
        name: docker-ce
        state: latest
        update_cache: true

    - name: install pip3
      ansible.builtin.apt:
        name: python3-pip
        state: latest

    # The block content is read on the controller from ufw-docker.rules and
    # written between the BEGIN/END markers in after.rules.
    # NOTE(review): no task in this play reloads ufw after this file changes;
    # confirm a reload happens elsewhere, otherwise the new block only applies
    # the next time ufw is (re)started.
    - name: add docker rules to ufw
      ansible.builtin.blockinfile:
        path: /etc/ufw/after.rules
        marker_begin: BEGIN UFW AND DOCKER
        marker_end: END UFW AND DOCKER
        state: present
        block: "{{ lookup('ansible.builtin.file', 'ufw-docker.rules') }}"
      tags:
        - ufw

    # Each loop item is [port, protocol, route]. With route set, the rule
    # applies to routed/forwarded packets (traffic towards containers), not to
    # services listening on the host itself.
    # NOTE(review): 22/tcp below is therefore a forwarded-traffic rule; host
    # SSH access has to be allowed by a separate rule - confirm it exists.
    - name: open ports
      community.general.ufw:
        rule: allow
        proto: "{{ item[1] }}"
        port: "{{ item[0] }}"
        route: "{{ item[2] | default(omit) }}"
      loop:
        - [80, 'tcp', true]  # traefik
        - [443, 'tcp', true]  # traefik
        - [25, 'tcp', true]  # smtp ntfy
        - [51820, 'udp', true]  # wireguard
        - [53, 'udp', true]  # technitium, dns
        - [53, 'tcp', true]  # technitium, dns
        # - [1935, 'udp', true]  # owncast
        # - [1935, 'tcp', true]  # owncast
        - [2222, 'tcp', true]  # forgejo
        - [22, 'tcp', true]  # forgejo
      tags:
        - ufw

    # No port or protocol is given, so each listed source address is allowed
    # to reach every port on the host. Trust here rests on the source IP
    # alone; keep the list short and review it when addresses change hands.
    - name: open all for own hosts
      community.general.ufw:
        rule: allow
        from: "{{ item }}"
      loop:
        - "37.27.176.103"  # muh.anyops.de
        # - "10.201.201.2"  # wireguard
      tags:
        - ufw