From 7404bab63f2ae42b35aa9b2966b34319c8f253f1 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Tue, 24 Feb 2026 00:50:20 -0500
Subject: [PATCH] Set SSH UFW rule via role default
---
 roles/base/defaults/main.yml | 1 +
 roles/base/tasks/firewall.yml | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index 65d5970..77b516f 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -23,3 +23,4 @@ base_packages:
 base_scripts: /srv/.scripts
+base_ssh_ufw_rule: limit
diff --git a/roles/base/tasks/firewall.yml b/roles/base/tasks/firewall.yml
index 22e394a..5d86b22 100644
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@@ -18,10 +18,10 @@
 default: allow
 direction: outgoing
-- name: Allow OpenSSH with rate limiting
+- name: "{{ base_ssh_ufw_rule | capitalize }} OpenSSH"
 community.general.ufw:
 name: ssh
- rule: limit
+ rule: "{{ base_ssh_ufw_rule | default('limit') }}"
 - name: Remove Fail2ban defaults-debian.conf
 ansible.builtin.file:
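Review bot: The new `base_ssh_ufw_rule` default in roles/base/defaults/main.yml carries no comment on which values are accepted or what changing it does to SSH exposure. A line above it such as `# UFW action for the ssh profile: allow | deny | limit | reject; limit throttles repeated connection attempts` would tell whoever overrides it that anything other than `limit` either drops the brute-force throttle or blocks SSH outright.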
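Review bot: Nothing constrains the value that now reaches `rule:` in the OpenSSH task of roles/base/tasks/firewall.yml, so an inventory override of `deny` or `reject` would close SSH on the next run, and `allow` removes the rate limit with no signal beyond the task name. An `ansible.builtin.assert` placed before the task can pin the accepted set; the fence assumes only `allow` and `limit` are intended, which should be confirmed. The `default('limit')` filter duplicates the role default added in this commit while the `name:` template has no fallback, so a single source of truth is cleaner. The name also begins with a Jinja expression, which ansible-lint's `name[template]` rule flags; moving the expression to the end avoids that.

```yaml
# … unchanged: default outgoing policy task …

- name: Check base_ssh_ufw_rule before touching the SSH rule
  ansible.builtin.assert:
    that:
      - base_ssh_ufw_rule in ['allow', 'limit']
    fail_msg: "base_ssh_ufw_rule must be 'allow' or 'limit', got '{{ base_ssh_ufw_rule }}'"

- name: "Apply UFW rule to OpenSSH: {{ base_ssh_ufw_rule }}"
  community.general.ufw:
    name: ssh
    rule: "{{ base_ssh_ufw_rule }}"

# … unchanged: Remove Fail2ban defaults-debian.conf task …
```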