first commit

2026-03-15 19:58:46 +01:00
commit bbc4e4da65
32 changed files with 1854 additions and 0 deletions
--- a/roles/firewall/config.sh
+++ b/roles/firewall/config.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# Declarative firewall configuration with common + profile-specific rules
+source "$PROJECT_DIR/lib.sh"
+enable_strict_mode
+
+cat <<'EOM'
+
+=> Firewall configuration
+
+EOM
+
+ufw_initialize
+
+COMMON_RULES_FILE="$ROLE_DIR/firewall/rules.common.list"
+PROFILE_RULES_FILE="$ROLE_DIR/firewall/rules.${profile:-}.list"
+
+apply_ufw_rules_file "$COMMON_RULES_FILE"
+apply_ufw_rules_file "$PROFILE_RULES_FILE"
+
+ufw reload
+log_ok "Firewall rules applied"