---
- name: Install required packages
  apt:
    name: "{{ item }}"
  loop:
    - curl
    - tree
    - syslog-ng
    - vsftpd
    - tftpd-hpa
    - ntp
    - ufw
  
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
  community.general.ufw:
    rule: allow
    direction: in
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
  loop:
    - port: '22'
      proto: tcp
    - port: '123'
      proto: udp
    - port: '514'
      proto: udp
    - port: '23'
      proto: tcp
    - port: '3389'
      proto: tcp
    - port: '69'
      proto: udp
    - port: '5140'
      proto: tcp
    - port: '5141'
      proto: tcp
    - port: '5142'
      proto: tcp

- name: UFW - Deny all other incoming traffic by default
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming

- name: Block all IPv6 incoming connections
  community.general.ufw:
    rule: deny
    direction: in
    proto: ipv6

- name: Apply NTP configuration file
  ansible.builtin.copy:
    src: ./configuration_files/ntp.conf
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes