From f1dc1e8e2bb55359df26f81700119ff0a464079e Mon Sep 17 00:00:00 2001
From: Davo
Date: Sat, 8 Oct 2022 19:33:37 +0200
Subject: [PATCH] dev

---
 handlers/main.yml | 4 ++++
 tasks/main.yml | 37 +++++++++++++++++++++++--------------
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index 26d07ee..d00f0c2 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,3 +2,7 @@
 - name: daemon reload
 ansible.builtin.systemd:
 daemon_reload: yes
+- name: firewalld reload
+ ansible.builtin.systemd:
+ state: restarted
+ name: firewalld
diff --git a/tasks/main.yml b/tasks/main.yml
index 36d052a..8dd0d8f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,11 +1,4 @@
-- name: sw-node-exporter | PRE - 1. Install req packages
- ansible.builtin.apt:
- name:
- - firewalld
- state: present
- update_cache: yes
-
-- name: sw-node-exporter | PRE - 2. Stop, disable and mask ufw service
+- name: sw-node-exporter | PRE - 1. Stop, disable and mask ufw service
 ansible.builtin.systemd:
 state: stopped
 name: ufw
@@ -13,6 +6,13 @@
 masked: yes
 daemon_reload: yes
 
+- name: sw-node-exporter | PRE - 2. Install firewalld
+ ansible.builtin.apt:
+ name:
+ - firewalld
+ state: present
+ update_cache: yes
+
 - name: sw-node-exporter | PRE - 3. Start and enable firewalld service
 ansible.builtin.systemd:
 state: started
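Review bot: The new `firewalld reload` handler in handlers/main.yml sets `state: restarted`, so its name and its behaviour disagree. A restart stops and starts the daemon, whereas the task that notifies it only needs the permanent configuration loaded into the running ruleset; `state: reloaded` on the same `ansible.builtin.systemd` call should do that without taking the firewall service down. If a full restart is intended, renaming the handler to say so would avoid the confusion. The `daemon_reload: yes` in the handler above it would also read better as `true`.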
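Review bot: Moving the ufw stop/mask task ahead of the firewalld install (the `@@ -1,11 +1,4 @@` hunk together with the `@@ -13,6 +6,13 @@` hunk) leaves the host without its previous firewall while `apt` runs with `update_cache: yes`, assuming ufw was the active one. If that install fails, for example on a mirror or network error, the play stops for the host with ufw already stopped and masked and nothing in its place. Unless the two packages conflict on the target release, installing firewalld first and stopping ufw only afterwards keeps that window as short as it was before. If the swap is deliberate, a comment above the first task should say why, e.g. `# ufw is stopped before firewalld is installed because <reason>`. The remaining keys of the ufw systemd task lie outside these hunks.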
@@ -20,16 +20,25 @@
 enabled: yes
 daemon_reload: yes
 
-- name: sw-node-exporter | PRE - 4. Allow traffic in default zone on port 9100/tcp
+- name: sw-node-exporter | PRE - 4. Allow ports in firewalld
 ansible.posix.firewalld:
- port: 9100/tcp
+ port: "{{ item }}"
 permanent: yes
 state: enabled
+ notify: firewalld reload
+ loop:
+ - 9100/tcp
+ - 22/tcp
 
-- name: sw-node-exporter | PRE - 5. Reload firewalld service
- ansible.builtin.systemd:
- state: restarted
- name: firewalld
+# Muze byt pridano vice portu pomoci variablu, tedy alespon myslim, ale abych si nic nero*esral, tak je to takto.
+#- name: sw-node-exporter | PRE - 4. Allow ports in firewalld
+# ansible.posix.firewalld:
+# port: "{{ item }}"
+# permanent: yes
+# state: enabled
+# notify: reload firewalld
+# with_items: "{{ additional_ports }}"
+# when: additional_ports is defined
 
 - name: sw-node-exporter | 1. Download and Unarchive node-exporter in /usr/local/bin
 ansible.builtin.unarchive:
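Review bot: The loop opens 9100/tcp in the default zone for every source address, so the node-exporter metrics endpoint is reachable from anything that can route to the host. Restricting it to the monitoring server is preferable, for example a separate task using `rich_rule: 'rule family="ipv4" source address="<PROMETHEUS_ADDR>" port port="9100" protocol="tcp" accept'` instead of `port:`, or an explicit `zone:` bound to that source. Hard-coding 22/tcp assumes sshd listens on the default port; making the SSH port a role variable would avoid locking out hosts that use another one. The commented-out variant notifies `reload firewalld`, which would not match the handler named `firewalld reload` if it is ever re-enabled.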