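# Install firewalld (the host firewall configured by the tasks below) and
# curl. ansible.builtin.package accepts a list for `name`, so the packages
# are handed to the package manager in one transaction instead of one
# loop iteration per package.
- name: Install required packages
  ansible.builtin.package:
    name:
      - firewalld
      - curl
    state: present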


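# Start firewalld now and enable it at boot. `enabled` is a real boolean,
# so it is written as `true` rather than the YAML 1.1-only `yes`
# (yamllint `truthy`; `yes` is a plain string under YAML 1.2 parsers).
- name: Enable and start firewalld
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true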


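# Open the inbound ports the node needs. No `zone` is given, so the rules
# land in firewalld's default zone and are reachable from any source that
# zone accepts; `permanent` + `immediate` writes the rule to disk and
# applies it to the running firewall in the same step. The module is
# referenced by its fully qualified name so the task does not depend on
# collection search order.
- name: Set firewalld rule for required ports
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop:
    - 22/tcp  # ssh
    # k3s ports
    # 2379-2380 are the etcd client/peer ports; presumably only needed on
    # server nodes running embedded etcd in HA mode — confirm against the
    # k3s network requirements and consider restricting the source to the
    # other server nodes rather than the whole default zone.
    - 2379-2380/tcp
    - 6443/tcp  # kubernetes API server
    - 8472/udp  # flannel VXLAN overlay
    - 10250/tcp  # kubelet
    # tcp and udp for metallb (memberlist)
    - 7946/udp
    - 7946/tcp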


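# Place the cluster-internal pod and service CIDRs in the `trusted` zone.
# firewalld's trusted zone accepts all incoming traffic from its sources,
# so this list must stay limited to address ranges that exist only inside
# the cluster overlay; the CIDRs below are k3s' defaults and must match
# the cluster's --cluster-cidr / --service-cidr settings.
- name: Set firewalld rule for required zones
  ansible.posix.firewalld:
    zone: trusted
    source: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop:
    - 10.42.0.0/16  # pods
    - 10.43.0.0/16  # services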