hetzner-ansible/hcloud_firewall.yml

---
- hosts: localhost
  vars:
    hcloud_firewall_objects:
      -
        name: monitoring-extern-https
        state: present
        rules:
        - 
          direction: in
          protocol: tcp
          port: '443'
          source_ips:
           - "{{ lookup('community.general.dig', 'dev-blackbox-01.smardigo.digital' ) }}/32"
          destination_ips: []
          description: null
        apply_to:
        -
          type: label_selector
          label_selector:
            selector: 'service=connect'
        -
          type: label_selector
          label_selector:
            selector: 'service=keycloak'


    
  tasks:
    - name: "Setup hcloud firewall via include_role" 
      include_role:
        name: hcloud
        tasks_from: configure-firewall2 
      loop: "{{ hcloud_firewall_objects }}"
      loop_control:
        loop_var: firewall_object