---
- hosts: lab
  become: yes
  vars:
    lan_subnet: "192.168.1.0/24"
  tasks:
    - name: Enable Firewall rules for basic LAN access
      community.general.ufw:
        rule: allow
        port: '{{ item }}'
        proto: tcp
        src: '{{ lan_subnet }}'
      loop:
        - 22
        - 53
        - 80
        - 443
    - name: Enable K3s Ports
      community.general.ufw:
        rule: allow
        port: '{{ item }}'
        proto: tcp
      loop:
        - 6443