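---
# Provisions a host with NTP, TFTP, syslog-ng, vsftpd and NFS server packages,
# opens the matching UFW ports, deploys each service's configuration file,
# creates the per-user data directories and enables the services at boot.
#
# Several tasks write under /etc and manage packages, so the play is assumed
# to run with privilege escalation already in place - TODO confirm.

- name: Install required packages
  # A single apt transaction for the whole list instead of one call per item.
  ansible.builtin.apt:
    name:
      - curl
      - tree
      - ufw
      - ntp
      - tftpd-hpa
      - syslog-ng
      - vsftpd
      - nfs-kernel-server
    state: present

# The allow rules are added before UFW is enabled further down, so SSH (22)
# is already permitted when the default-deny policy takes effect.
#
# NOTE(review): no rule sets a source address, so every port below is open to
# any peer. If the clients are known, `from_ip` can restrict a rule to the
# management network.
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP and TFTP connections
  community.general.ufw:
    rule: allow
    direction: in
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
  loop:
    # SSH
    - port: '22'
      proto: tcp
    # NTP
    - port: '123'
      proto: udp
    # syslog
    - port: '514'
      proto: udp
    # NOTE(review): 23/tcp is the Telnet port. No Telnet service is installed
    # by this file and the task name does not mention it, while FTP control
    # (21/tcp) is named but not opened. Confirm which one was intended.
    - port: '23'
      proto: tcp
    # NOTE(review): 3389/tcp is the RDP port; it is not named in the task
    # title and no RDP service is installed here. Confirm it is needed.
    - port: '3389'
      proto: tcp
    # TFTP
    - port: '69'
      proto: udp
    # Presumably the syslog-ng listeners defined in
    # syslog-ng-network-devices.conf - confirm.
    - port: '5140'
      proto: tcp
    - port: '5141'
      proto: tcp
    - port: '5142'
      proto: tcp
    # rpcbind (111) and NFS (2049); 32767 is presumably a pinned mountd port -
    # confirm against the NFS server configuration.
    - port: '111'
      proto: tcp
    - port: '111'
      proto: udp
    - port: '2049'
      proto: tcp
    - port: '2049'
      proto: udp
    - port: '32767'
      proto: tcp
    - port: '32767'
      proto: udp

- name: Deny all other incoming IPv4 traffic
  # Enables the firewall and sets the default incoming policy to deny.
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming

# NOTE(review): in ufw, `proto: ipv6` selects IP protocol 41 (IPv6 carried
# inside IPv4), not native IPv6 traffic. Native IPv6 inbound is covered by the
# default-deny policy above only when ufw's IPv6 support is switched on
# (IPV6=yes in /etc/default/ufw), and in that case the allow rules above apply
# to IPv6 as well. Confirm this matches the intent of the task name.
- name: Block all IPv6 incoming connections
  community.general.ufw:
    rule: deny
    direction: in
    proto: ipv6

- name: Apply NTP configuration file
  ansible.builtin.copy:
    src: ntp.conf
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: '0644'
    backup: true

- name: Apply TFTP configuration file
  ansible.builtin.copy:
    src: tftpd-hpa
    dest: /etc/default/tftpd-hpa
    owner: root
    group: root
    mode: '0644'
    backup: true

# NOTE(review): mode 0777 makes the TFTP root world-writable, so any local
# account can add or replace files that are then served over TFTP, which has
# no authentication. If the daemon runs as a dedicated user, a narrower mode
# with that user as owner would avoid this - confirm against the deployed
# tftpd-hpa defaults file before changing.
- name: Create TFTP directory
  ansible.builtin.file:
    path: "/home/{{ ansible_user }}/Desktop/TFTP"
    state: directory
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0777'

- name: Apply SYSLOG configuration file
  ansible.builtin.copy:
    src: syslog-ng-network-devices.conf
    dest: /etc/syslog-ng/conf.d/syslog-ng-network-devices.conf
    owner: root
    group: root
    mode: '0644'
    backup: true

- name: Apply FTP configuration file
  ansible.builtin.copy:
    src: vsftpd.conf
    dest: /etc/vsftpd.conf
    owner: root
    group: root
    mode: '0644'
    backup: true

- name: Create FTP directory
  ansible.builtin.file:
    path: "/home/{{ ansible_user }}/Desktop/SFTP"
    state: directory
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0755'

# The NFS export directory is owned by nobody:nogroup, which lines up with the
# all_squash option in the export line below; the SSH backup directory stays
# with the connecting user.
- name: Create NFS directories
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: '0755'
  loop:
    - path: "/home/{{ ansible_user }}/Desktop/DNAC-NFS-BACKUP"
      owner: "nobody"
      group: "nogroup"
    - path: "/home/{{ ansible_user }}/Desktop/DNAC-SSH-BACKUP"
      owner: "{{ ansible_user }}"
      group: "{{ ansible_user }}"

# NOTE(review): `*` exports the directory read-write to every host that can
# reach the NFS ports, and the firewall rules above do not limit the source.
# Naming the backup client or its subnet (<BACKUP_CLIENT_CIDR>) instead of `*`
# would narrow who can mount and write backups.
# The trailing space in `line` is kept as-is so that hosts already configured
# with it still match and no duplicate entry is appended.
- name: Apply NFS configuration lines
  ansible.builtin.lineinfile:
    path: /etc/exports
    line: "/home/{{ ansible_user }}/Desktop/DNAC-NFS-BACKUP *(rw,all_squash,sync,no_subtree_check) "
    state: present

- name: Export file system to NFS server
  # Privilege escalation goes through Ansible's become mechanism rather than
  # a literal `sudo` inside the command, so become settings and password
  # handling are honoured.
  ansible.builtin.command: exportfs -a
  become: true

# This only sets boot-time enablement. NOTE(review): no task in this file
# starts or restarts the services after their configuration files change;
# unless that is handled elsewhere, the new configuration is not picked up
# until each service is next restarted.
- name: Enable installed services
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
  loop:
    - ntp
    - tftpd-hpa
    - syslog-ng
    - vsftpd
    - nfs-kernel-server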