add firewall base role

playbooks/roles/firewall/tasks/main.yml

@@ -0,0 +1,43 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for firewall
+#
+- name: Ensure ufw is installed
+  ansible.builtin.apt:
+    name: ufw
+    state: present
+    update_cache: true
+  become: true
+
+- name: Enable ufw
+  community.general.ufw:
+    state: enabled
+  become: true
+
+- name: Allow SSH
+  community.general.ufw:
+    rule: allow
+    port: 22
+    proto: tcp
+  become: true
+
+# Allow ports for check_mk
+- name: Allow port 161 for check_mk 
+  community.general.ufw:
+    rule: allow
+    port: 161
+    proto: udp
+  become: true
+- name: Allow port 6556 for check_mk
+  community.general.ufw:
+    rule: allow
+    port: 6556
+    proto: tcp
+  become: true
+
+# Set default policy
+- name: Set default incoming policy to deny
+  community.general.ufw:
+    default: deny
+    direction: incoming
+  become: true

playbooks/setup_server.yml

@@ -1,16 +0,0 @@
-- name: Setup new server
-  hosts: all  
-  become: true
-  gather_facts: false
-
-  pre_tasks:
-    - name: Ensure that limit is provided 
-      assert:
-        that:
-          - ansible_limit is defined 
-        fail_msg: "You must limit the hosts (ansible-playbook setup_server.yml -i inventory.yml --limit host1)"
-
-  roles: 
-    - name: devsec.hardening.os_hardening
-    - name: checkmk.general.agent
-