Add firewall configuration to server role

roles/server/tasks/firewalld.yaml

@@ -0,0 +1,29 @@
+---
+- name: Enable systemd-firewalld
+  become: true
+  ansible.builtin.systemd:
+    name: firewalld
+    state: started
+    enabled: true
+
+- name: Configure firewall interface zones
+  become: true
+  when: item.value.firewall is defined
+  ansible.posix.firewalld:
+    interface: "{{ item.key }}"
+    zone: "{{ item.value.firewall }}"
+    state: enabled
+    permanent: true
+    immediate: true
+  loop: "{{ skylab_networking | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+
+- name: Configure firewall for docker interface
+  become: true
+  when: "'docker0' in ansible_interfaces"
+  ansible.posix.firewalld:
+    interface: docker0
+    zone: dmz
+    permanent: true
+    immediate: true

roles/server/tasks/main.yaml

@@ -9,6 +9,10 @@
   when: skylab_networking is defined
   ansible.builtin.include_tasks: networkd.yaml
 
+- name: Configure firewall settings
+  when: skylab_networking is defined
+  ansible.builtin.include_tasks: firewalld.yaml
+
 - name: Configure hostsfile
   when: skylab_direct_peers is defined
   ansible.builtin.include_tasks: hosts.yaml