From cdb9af36617216156e219e57e19f044239fe70a1 Mon Sep 17 00:00:00 2001
From: Christian Martin <25327135+ct-martin@users.noreply.github.com>
Date: Wed, 18 Oct 2017 00:06:57 -0400
Subject: [PATCH] Add firewall and services to playbook
---
 build-scripts/playbook.yml | 53 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/build-scripts/playbook.yml b/build-scripts/playbook.yml
index 8ec0697..1bd8679 100644
--- a/build-scripts/playbook.yml
+++ b/build-scripts/playbook.yml
@@ -23,3 +23,56 @@
 - vim
 # need to get anaconda install class for TigerOS possibly
 #- letsencrypt
+ - name: Allow HTTPS (nginx)
+ firewalld:
+ service: https
+ permanent: true
+ state: enabled
+ - name: Allow HTTP (nginx)
+ firewalld:
+ service: http
+ permanent: true
+ state: enabled
+ - name: Allow SSH access
+ firewalld:
+ service: ssh
+ permanent: true
+ state: enabled
+ - name: Allow 8080 (Jenkins)
+ firewalld:
+ port: 8080/tcp
+ permanent: true
+ state: enabled
+ - name: Allow Cockpit
+ firewalld:
+ service: cockpit
+ permanent: true
+ state: enabled
+ - name: Enable nginx service
+ systemd:
+ name: nginx
+ enabled: yes
+ state: started
+ - name: Enable Jenkins service
+ systemd:
+ name: jenkins
+ enabled: yes
+ state: started
+ - name: Enable Cockpit service
+ systemd:
+ name: cockpit
+ enabled: yes
+ state: started
+ - name: Enable sshd (openssh-server) service
+ systemd:
+ name: sshd
+ enabled: yes
+ state: started
+ - name: Enable fail2ban service
+ systemd:
+ name: fail2ban
+ enabled: yes
+ state: started
+ - name: Reload Firewall
+ command: firewall-cmd --reload
+ become: true
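Review bot: The `Allow 8080 (Jenkins)` and `Allow Cockpit` tasks open the Jenkins port and the Cockpit admin console with no `zone` or `source` restriction, so both become reachable wherever the HTTP/HTTPS rules for nginx are. If nginx is meant to front Jenkins (the proxy config is not visible here, so this is an assumption), drop the `port: 8080/tcp` rule and keep Jenkins on localhost; for Cockpit and SSH, consider scoping the rule to a management zone, e.g. `zone: internal`, once the admin network is assigned to it. Separately, the trailing `command: firewall-cmd --reload` task reports "changed" on every run; adding `immediate: true` to each `firewalld` task applies the rule to the runtime configuration directly and makes the reload task unnecessary. The task list starts above this hunk, so whether firewalld itself is installed and started, and whether any fail2ban jail is configured, cannot be confirmed from these lines.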