# Arch Linux only: make sure the ufw package is installed through pacman.
# NOTE(review): update_cache refreshes the package databases before the
# install without a full system upgrade. Arch does not support partial
# upgrades, so confirm a full upgrade is handled elsewhere in the play.
- name: Install ufw package (Archlinux)
  community.general.pacman:
    update_cache: true
    state: present
    name: ufw
  when: ansible_facts['os_family'] == "Archlinux"

# Create one inbound ufw rule per entry of ufw_rules. Every entry must carry
# the keys name, source, protocol, action, destination and port.
# The references are deliberately left without default() filters: a misspelt
# or missing key should stop the play rather than fall back to a wider rule
# (presumably via Ansible's default undefined-variable error; confirm the
# project has not relaxed that setting).
# This task sits before the one that enables ufw, so the rules are already
# loaded when the default-deny policy takes effect.
- name: Add ufw rules
  loop: "{{ ufw_rules }}"
  community.general.ufw:
    rule: "{{ item.action }}"
    direction: "in"
    proto: "{{ item.protocol }}"
    from_ip: "{{ item.source }}"
    to_ip: "{{ item.destination }}"
    to_port: "{{ item.port }}"
    # The rule's name is stored as the ufw comment, which keeps the origin of
    # each rule visible in the ufw rule listing.
    comment: "{{ item.name }}"

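# Switch the firewall on with a default-deny policy for incoming traffic and
# low-volume logging.
# The rules from ufw_rules are applied by the preceding task. If the host is
# managed over the network, ufw_rules must contain an allow rule for the
# management port, otherwise enabling default deny cuts that access off.
# NOTE(review): nothing in this file disables ufw when ufw_enabled is false;
# the firewall is then left in whatever state it already had.
- name: Enable ufw
  # `| bool` keeps a string value such as "false" (for example from -e on the
  # command line) from being evaluated as a truthy non-empty string.
  when: ufw_enabled | bool
  community.general.ufw:
    default: "deny"
    direction: "incoming"
    logging: "low"
    state: enabled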

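# Enable the ufw service unit at boot so the firewall comes back after a
# reboot, and restart it now.
# NOTE(review): `state: restarted` restarts the unit on every run, so this
# task is never idempotent and always reports "changed". Consider `started`
# if the restart is not needed to load the rules.
- name: Enable the ufw service
  # `| bool` keeps a string value such as "false" (for example from -e on the
  # command line) from being evaluated as a truthy non-empty string.
  when: ufw_enabled | bool
  ansible.builtin.service:
    name: ufw
    state: restarted
    enabled: true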