From 75b8a003d4842f0b560e7956a14d9e87117a154f Mon Sep 17 00:00:00 2001
From: "Antonio J. Delgado"
Date: Sun, 19 Mar 2023 17:49:19 +0200
Subject: [PATCH] add handle of ufw
---
 defaults/main.yml | 4 ++++
 tasks/configure.yml | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index e13c2a1..6ed5156 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,3 +2,7 @@
 # Default values for variables of the role
 # variable_name: value
 motion_config: {}
+handle_ufw: false
+localnetworks:
+ - 192.168.1.0/24
+ - 192.168.2.0/24
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 88e2327..7e995e0 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -97,12 +97,16 @@
 ufw:
 rule: allow
 port: "{{ item.stream_port }}"
- loop: "{{ motion_config['cameras'] | selectattr('stream_port', 'defined') }}"
+ with: "{{ motion_config['cameras'] | selectattr('stream_port', 'defined') }}"
+ when: handle_ufw

 - name: Enable motion web control in ufw
 ufw:
 rule: allow
+ from_ip: "{{ item }}"
 port: "{{ motion_config['webcontrol_port'] }}"
+ with: "{{ localnetworks }}"
+ when: handle_ufw

 - name: Ensure motion can read signal configuration
 ansible.posix.acl:
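Review bot: The two new defaults in defaults/main.yml, `handle_ufw` and `localnetworks`, are not prefixed with the role name the way `motion_config` is, so an inventory or another role that defines a variable called `localnetworks` would silently change which source networks the firewall rule admits. Names such as `motion_handle_ufw` and `motion_local_networks` would avoid that collision, with a comment above the list like `# CIDR ranges allowed to reach the motion web control port when ufw handling is enabled`. The 192.168.1.0/24 and 192.168.2.0/24 defaults are also an assumption about the deployer's LAN; requiring the list to be set explicitly would avoid allowing a range nobody chose.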
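Review bot: Both tasks in tasks/configure.yml now iterate with a bare `with:` key, which as far as I know is not an Ansible task keyword (the loop forms are `loop:` and `with_<lookup>:`, for example `with_items:`), so the file would likely fail to load; keeping `loop:` on the stream-port task and using `loop: "{{ localnetworks }}"` on the web-control task would do. The stream-port rule still has no `from_ip`, so with `handle_ufw` enabled every camera stream port is opened to any source while only web control is limited to `localnetworks`. `when: handle_ufw | bool` would also keep a string value passed with `-e` from being evaluated as true. The first task starts above the hunk and the last one continues below it.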