Set SSH UFW rule via role default

2026-02-24 00:50:20 -05:00
parent 929d549217
commit 7404bab63f
2 changed files with 3 additions and 2 deletions
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -23,3 +23,4 @@ base_packages:


 base_scripts: /srv/.scripts
+base_ssh_ufw_rule: limit
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@@ -18,10 +18,10 @@
    default: allow
    direction: outgoing

- name: Allow OpenSSH with rate limiting
+- name: "{{ base_ssh_ufw_rule | capitalize }} OpenSSH"
  community.general.ufw:
    name: ssh
-    rule: limit
+    rule: "{{ base_ssh_ufw_rule | default('limit') }}"

 - name: Remove Fail2ban defaults-debian.conf
  ansible.builtin.file: