From 85fb26bf52eced4615cd68196e41aec65b9666ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Torma?=
Date: Mon, 28 Aug 2023 09:55:03 +0200
Subject: [PATCH] add allowed range to ssh
---
 group_vars/all.yaml | 2 +-
 roles/common/tasks/ufw.yaml | 3 ++-
 roles/webserver/tasks/main.yaml | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 80bd164..a825e1d 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -1,7 +1,7 @@
 ---
 ansible_become: true
 ansible_user: ansible@intra.tormakris.dev
-webgw_allowedranges:
+allowedranges:
 - 192.168.69.0/24
 - 192.168.1.0/24
 ...
diff --git a/roles/common/tasks/ufw.yaml b/roles/common/tasks/ufw.yaml
index 764d325..f35ef19 100644
--- a/roles/common/tasks/ufw.yaml
+++ b/roles/common/tasks/ufw.yaml
@@ -18,5 +18,6 @@
 community.general.ufw:
 rule: allow
 port: ssh
- src: 192.168.69.0/24
+ src: "{{ item }}"
+ with_items: "{{ allowedranges }}"
 ...
diff --git a/roles/webserver/tasks/main.yaml b/roles/webserver/tasks/main.yaml
index 82e988e..12e7ee8 100644
--- a/roles/webserver/tasks/main.yaml
+++ b/roles/webserver/tasks/main.yaml
@@ -4,7 +4,7 @@
 rule: allow
 port: https
 src: "{{ item }}"
- with_items: "{{ webgw_allowedranges }}"
+ with_items: "{{ allowedranges }}"
 - name: "Install Nginx via apt"
 ansible.builtin.apt:
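Review bot: In roles/common/tasks/ufw.yaml the SSH allow rule now iterates the same `allowedranges` list that gates HTTPS in roles/webserver/tasks/main.yaml, so SSH source scope widens from 192.168.69.0/24 alone to every entry in group_vars/all.yaml (192.168.1.0/24 today) and to any range later added only for web access. If management access is meant to stay narrower than web access, I would keep a dedicated list, for example `ssh_allowedranges:` in group_vars and `with_items: "{{ ssh_allowedranges }}"` on this task; if the shared list is intended, a comment above `allowedranges:` stating that it controls both SSH and HTTPS would make that explicit. Separately, this task only adds allow rules, so a range dropped from the list later would presumably stay open on hosts that were already configured unless something outside this hunk resets or deletes rules; that is worth confirming. The task's `name:` line and the start of its body are outside the hunk.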