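---
# Provisions a host that offers NTP, TFTP, syslog and FTP services:
# installs the packages, opens the firewall, copies in the configuration
# files shipped alongside these tasks and enables the daemons.

# The package list is passed to apt in one call; looping over `name` would
# run apt once per package.
- name: Install required packages
  ansible.builtin.apt:
    name:
      - curl
      - tree
      - ufw
      - ntp
      - tftpd-hpa
      - syslog-ng
      - vsftpd
    state: present

# The allow rules are added before the firewall is enabled further down, so
# SSH (22/tcp) is already permitted when the default-deny policy takes effect.
# NOTE(review): every rule accepts traffic from any source address. FTP and
# TFTP are cleartext protocols; if the clients sit on a known management
# network, limit these rules with the module's `from_ip` parameter.
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP and TFTP connections
  community.general.ufw:
    rule: allow
    direction: in
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
  loop:
    - port: '22'  # SSH
      proto: tcp
    - port: '123'  # NTP
      proto: udp
    - port: '514'  # syslog
      proto: udp
    # Was 23/tcp (telnet). No telnet service is installed by these tasks and
    # the task name lists FTP, whose default control port is 21.
    # NOTE(review): confirm against vsftpd.conf (not shown); passive-mode FTP
    # also needs its data port range opened.
    - port: '21'  # FTP control
      proto: tcp
    # NOTE(review): 3389/tcp is the RDP port. It is not named in this task
    # and no RDP server is installed here; confirm it is still required.
    - port: '3389'
      proto: tcp
    - port: '69'  # TFTP
      proto: udp
    # presumably the TCP listeners defined in
    # syslog-ng-network-devices.conf; verify against that file
    - port: '5140'
      proto: tcp
    - port: '5141'
      proto: tcp
    - port: '5142'
      proto: tcp

# Enables ufw and sets the default incoming policy to deny; anything not
# matched by an allow rule above is dropped.
- name: Deny all other incoming IPv4 traffic
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming

# NOTE(review): in ufw, `proto: ipv6` matches IP protocol 41 (IPv6 tunnelled
# inside IPv4), not native IPv6 traffic. Native IPv6 is filtered only when
# IPV6=yes is set in /etc/default/ufw, in which case the default-deny policy
# above applies to it as well. Confirm that setting on the target hosts.
- name: Block all IPv6 incoming connections
  community.general.ufw:
    rule: deny
    direction: in
    proto: ipv6

# Each configuration task registers its result so that the final task can
# restart only the daemons whose file actually changed.
- name: Apply NTP configuration file
  ansible.builtin.copy:
    src: ntp.conf
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: '0644'
    backup: true
  register: ntp_config

- name: Apply TFTP configuration file
  ansible.builtin.copy:
    src: tftpd-hpa
    dest: /etc/default/tftpd-hpa
    owner: root
    group: root
    mode: '0644'
    backup: true
  register: tftp_config

# NOTE(review): mode 0777 lets every local account create, replace and delete
# files in a directory that is served over unauthenticated TFTP. If only the
# daemon account set in the tftpd-hpa defaults file (not shown) needs write
# access, give that account group ownership and use a narrower mode.
- name: Create TFTP directory
  ansible.builtin.file:
    path: "/home/{{ ansible_user }}/Desktop/TFTP"
    state: directory
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0777'

- name: Apply SYSLOG configuration file
  ansible.builtin.copy:
    src: syslog-ng-network-devices.conf
    dest: /etc/syslog-ng/conf.d/syslog-ng-network-devices.conf
    owner: root
    group: root
    mode: '0644'
    backup: true
  register: syslog_config

- name: Apply FTP configuration file
  ansible.builtin.copy:
    src: vsftpd.conf
    dest: /etc/vsftpd.conf
    owner: root
    group: root
    mode: '0644'
    backup: true
  register: ftp_config

- name: Enable installed services
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
  loop:
    - ntp
    - tftpd-hpa
    - syslog-ng
    - vsftpd

# Without this step a daemon that is already running keeps its previous
# configuration until it is next restarted, so the hardened files copied
# above would not be in effect.
- name: Restart services whose configuration file changed
  ansible.builtin.service:
    name: "{{ item.service }}"
    state: restarted
  loop:
    - service: ntp
      changed: "{{ ntp_config is changed }}"
    - service: tftpd-hpa
      changed: "{{ tftp_config is changed }}"
    - service: syslog-ng
      changed: "{{ syslog_config is changed }}"
    - service: vsftpd
      changed: "{{ ftp_config is changed }}"
  when: item.changed | bool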