---
- name: Allow port 22
  community.general.ufw:
    rule: allow
    port: '22'
    proto: tcp

- name: Allow port 80
  community.general.ufw:
    rule: allow
    port: '80'
    proto: tcp

- name: Allow port 443
  community.general.ufw:
    rule: allow
    port: '443'
    proto: tcp

- name: Allow port 6881
  community.general.ufw:
    rule: allow
    port: '6881'
    proto: tcp

- name: Allow port 6881/udp
  community.general.ufw:
    rule: allow
    port: '6881'
    proto: udp

- name: Startup UFW
  community.general.ufw:
    state: enabled

- name: Copy fail2ban jail config
  copy:
    src: static/fail2ban/jails.local
    dest: /etc/fail2ban/jail.d/jails.local

- name: Enable fail2ban service
  systemd:
    name: fail2ban
    enabled: yes
    state: started