From 110bf148480dfe211ebcf282598a6d994723485d Mon Sep 17 00:00:00 2001
From: "Antonio J. Delgado"
Date: Sun, 19 Mar 2023 17:49:08 +0200
Subject: [PATCH] add handle of ufw
---
 defaults/main.yml | 3 +++
 tasks/configure.yml | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 57cce66..3c14448 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,3 +4,6 @@
 signal_data_folder: /var/lib/signal_api
 signal_api_port: 8080
 signal_container_image: bbernhard/signal-cli-rest-api
+handle_ufw: false
+localnetworks:
+ - 192.168.1.0/24
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 4692705..d52b2e0 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -24,11 +24,14 @@
 register: container
 ignore_errors: true
-- name: Ensure UFW allow traffic to exposed port
+- name: Ensure UFW allow traffic to exposed port from local network
 ufw:
 rule: allow
 route: true
+ from_ip: "{{ item }}"
 to_port: "{{ signal_api_port }}"
+ when: handle_ufw
+ with: "{{ localnetworks }}"
 - name: Generate service unit
 shell: podman generate systemd --new --name signal-api > /etc/systemd/system/podman_signal_api.service
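Review bot: `handle_ufw` and `localnetworks` are the only defaults in this hunk without the `signal_` prefix, so they share a namespace with every other role in the play and can be overridden by an unrelated variable of the same name; `signal_handle_ufw` and `signal_local_networks` would match the existing keys. With `handle_ufw: false` as the default the role stops managing the firewall rule unless the operator opts in, which deserves a comment above the key, for example `# Set to true to let the role open signal_api_port in UFW for the networks listed below`. The `192.168.1.0/24` default is a guess about the target network and should be documented as a value to override.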
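Review bot: `with: "{{ localnetworks }}"` on the UFW task is not a loop keyword Ansible recognises, so the task is expected to fail to load (or leave `item` undefined) as soon as it is used; the line should read `loop: "{{ localnetworks }}"`. The condition is safer written as `when: handle_ufw | bool`, because a value supplied as `-e handle_ufw=false` arrives as a non-empty string and can evaluate as true. Hosts provisioned by the earlier version of this task still carry the allow rule with no source restriction and nothing here removes it, so the port stays reachable from any network on those hosts; a cleanup task repeating the old `rule`/`route`/`to_port` with `delete: true` would close that gap. The hunk begins inside the preceding task and ends inside the "Generate service unit" task, so both are only partly visible.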