Automatically create cloud firewall rules for installs onto Vultr (#1400

)

* Update main.yml

* Change module names and add IPv6 firewall rules

Uses guide at https://www.renemoser.net/blog/2018/03/19/vultr-firewalling-with-ansible/ written by Rene Moser.

* change vultr to vr

* add ip_version to firewall rules

* add SSH access rules

* Use variable for wireguard port

* update module names for ansible 2.7

* Fix trailing whitespaces

* Try to fix trailing whitespaces again

roles/cloud-vultr/tasks/main.yml

@@ -9,13 +9,35 @@
       ssh_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
     register: ssh_key
 
+  - name: Creating a firewall group
+    vultr_firewall_group:
+      name: "{{ algo_server_name }}"
+
+  - name: Creating firewall rules
+    vultr_firewall_rule:
+      group: "{{ algo_server_name }}"
+      protocol: "{{ item.protocol }}"
+      port: "{{ item.port }}"
+      ip_version: "{{ item.ip }}"
+      cidr: "{{ item.cidr }}"
+    with_items:
+    - { protocol: tcp, port: 22, ip: v4, cidr: "0.0.0.0/0" }
+    - { protocol: tcp, port: 22, ip: v6, cidr: "::/0" }
+    - { protocol: udp, port: 500, ip: v4, cidr: "0.0.0.0/0" }
+    - { protocol: udp, port: 500, ip: v6, cidr: "::/0" }
+    - { protocol: udp, port: 4500, ip: v4, cidr: "0.0.0.0/0" }
+    - { protocol: udp, port: 4500, ip: v6, cidr: "::/0" }
+    - { protocol: udp, port: "{{ wireguard_port }}", ip: v4, cidr: "0.0.0.0/0" }
+    - { protocol: udp, port: "{{ wireguard_port }}", ip: v6, cidr: "::/0" }
+
   - name: Creating a server
     vultr_server:
       name: "{{ algo_server_name }}"
       hostname: "{{ algo_server_name }}"
       os: "{{ cloud_providers.vultr.os }}"
       plan: "{{ cloud_providers.vultr.size }}"
       region: "{{ algo_vultr_region }}"
+      firewall_group: "{{ algo_server_name }}"
       state: started
       tag: Environment:Algo
       ssh_key: "{{ ssh_key.vultr_ssh_key.name }}"