Diffstat (limited to 'ansible/roles')
m---------ansible/roles/nftables0
-rw-r--r--ansible/roles/ufw/tasks/main.yml44
-rw-r--r--ansible/roles/ufw/vars/main.yml6
3 files changed, 12 insertions, 38 deletions
diff --git a/ansible/roles/nftables b/ansible/roles/nftables
new file mode 160000
+Subproject 8fbc92fa7effee6e7ce9e04b5a15b1af12b93f8
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
index 89e25d9..e44d173 100644
--- a/ansible/roles/ufw/tasks/main.yml
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -1,37 +1,17 @@
-- name: Install UFW
- apt:
- update_cache: true
- cache_valid_time: 3600
- pkg:
- - ufw
- tags:
- - role::ufw
-
-- name: Allow OpenSSH
- community.general.ufw:
- rule: allow
- name: OpenSSH
- tags:
- - role::ufw
-
-- name: Enable UFW and deny all traffic by default
+- name: Disable UFW # noqa
community.general.ufw:
- state: enabled
- policy: deny
+ state: disabled
tags:
- role::ufw
+ ignore_errors: true # subsequent deploys
-- name: Allow WireGuard
- community.general.ufw:
- rule: allow
- proto: udp
- port: "{{ wireguard_port }}"
- comment: "Allow WireGuard"
- tags:
- - role::ufw
+- name: Uninstall UFW
+ apt:
+ name: ufw
+ state: absent
+ purge: true
-- name: Apply service-specific rules
- community.general.ufw: "{{ item }}"
- with_items: "{{ ufw_rules }}"
- tags:
- - role::ufw
+- name: Purge UFW files
+ file:
+ path: /etc/ufw
+ state: absent
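Review bot: `ignore_errors: true` on the "Disable UFW" task (with its "subsequent deploys" comment) swallows every failure of that step, including a genuine failure to disable a still-running firewall on the first deploy, not just the expected error once the package is gone. Gather package facts with the `package_facts` module earlier in the play and make the task conditional instead, `when: "'ufw' in ansible_facts.packages"`, so that a real failure still stops the play. The new "Uninstall UFW" and "Purge UFW files" tasks also drop the `tags: [role::ufw]` that the disable task keeps, so a run limited to that tag disables UFW but leaves the package and /etc/ufw in place; add the same tag to both. The `# noqa` on the first task names no rule, so it suppresses every ansible-lint finding on that task rather than the one it was added for. Since this hunk removes the default-deny policy and the OpenSSH/WireGuard allow rules while the nftables role arrives as a submodule in the same commit, it appears (the play ordering is not visible here) that the host has no packet filter between this role and the one that loads the nftables ruleset; the nftables role should run before this one, or the two should be combined, so the host is never left unfiltered.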
diff --git a/ansible/roles/ufw/vars/main.yml b/ansible/roles/ufw/vars/main.yml
deleted file mode 100644
index 3c342ec..0000000
--- a/ansible/roles/ufw/vars/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-ufw_rules:
- - comment: Allow internal traffic
- interface: wg0
- direction: in
- rule: allow
- from_ip: 10.0.0.0/8