Fix WireGuard firewall rule

- Ignored .vscode
- Added firewall exclusion option
- Allowed guest access in Samba

.gitignore

@@ -1,3 +1,4 @@
-.vagrant
 .playbook
-/environments/
+.vagrant
+.vscode
+/environments/

roles/base/defaults/main.yml

@@ -1,6 +1,7 @@
+allow_reboot: true
+manage_firewall: true
 manage_network: false
 network_type: static
-allow_reboot: true
 
 packages:
   - apache2-utils

roles/base/tasks/main.yml

@@ -9,6 +9,7 @@
 - name: Import Firewall tasks
   ansible.builtin.import_tasks: firewall.yml
   tags: firewall
+  when: manage_firewall
 
 - name: Import Network tasks
   ansible.builtin.import_tasks: network.yml

roles/base/tasks/samba.yml

@@ -50,3 +50,4 @@
     from: "{{ item }}"
     state: enabled
   loop: "{{ samba.firewall }}"
+  when: manage_firewall

roles/base/tasks/wireguard.yml

@@ -35,5 +35,5 @@
   community.general.ufw:
     rule: allow
     port: "{{ wireguard.listenport }}"
-    proto: tcp
+    proto: udp
   when: wireguard.listenport is defined

roles/base/templates/smb.conf.j2

@@ -13,7 +13,16 @@
 [{{ share.name }}]
    path = {{ share.path }}
    browsable = yes
+{% if share.guest_allow is defined and share.guest_allow %}
+   guest ok = yes
+{% else %}
    guest ok = no
+{% endif %}
    read only = {{ 'yes' if share.read_only | default(false) else 'no' }}
+{% if share.valid_users is defined %}
    valid users = {{ share.valid_users }}
+{% endif %}
+{% if share.force_user is defined %}
+   force user = {{ share.force_user }}
+{% endif %}
 {% endfor %}