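---
# firewalld tasks: bring the service up, bind each NIC to its zone, make
# `core` the default zone, and (on swarm hosts) open the Docker Swarm ports.
#
# Assumptions not established here (confirm against the rest of the play):
#   - zones `core`, `mgmt` and `dmz` already exist in firewalld
#   - every host defines a `roles` host variable (used by the swarm guard)

- name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: true
    state: started

# Interface-to-zone mapping. `permanent: true` only touches the saved config;
# the reload task further down is what applies it to the running firewall.
- name: Assign interface ens18 to core zone
  ansible.posix.firewalld:
    interface: ens18
    zone: core
    state: enabled
    permanent: true

- name: Assign interface ens19 to mgmt zone
  ansible.posix.firewalld:
    interface: ens19
    zone: mgmt
    state: enabled
    permanent: true

- name: Assign interface ens20 to dmz zone
  ansible.posix.firewalld:
    interface: ens20
    zone: dmz
    state: enabled
    permanent: true

# Read the current default zone first so the set-default task is idempotent
# (a bare `firewall-cmd --set-default-zone` reports "changed" on every run).
# `check_mode: false` lets the read run in --check so the registered result
# is defined for the following `when`.
- name: Read current firewalld default zone
  ansible.builtin.command: firewall-cmd --get-default-zone
  register: firewalld_default_zone
  changed_when: false
  check_mode: false

- name: Set core to default
  ansible.builtin.command: firewall-cmd --set-default-zone=core
  when: firewalld_default_zone.stdout != 'core'

# - name: Remove ens18 from public
#   ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18

- name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload

- name: Show roles assigned to this host
  ansible.builtin.debug:
    var: hostvars[inventory_hostname]['roles']

################ SWARM SETUP ################

# One task for all swarm ports. `immediate: true` is required here: this runs
# after the reload above, so a permanent-only change would leave the running
# firewall without these ports until the next reload.
- name: Open Docker Swarm ports in core zone
  ansible.posix.firewalld:
    zone: core
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - 2377/tcp  # swarm manager / cluster management
    - 7946/tcp  # overlay node discovery
    - 7946/udp  # overlay node discovery
    - 4789/udp  # overlay network traffic
  when: "'swarm' in hostvars[inventory_hostname]['roles']"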