---
- name: Ensure SSH server installed
  ansible.builtin.apt:
    name: openssh-server
    state: present

- name: Configure firewalls - allow SSH port
  community.general.ufw:
    rule: allow
    port: '22'
    proto: tcp

- name: Configure firewalls - allow SSH by name (backup)
  community.general.ufw:
    rule: allow
    name: OpenSSH
  failed_when: false

- name: Enable UFW with deny default policy
  community.general.ufw:
    state: enabled
    policy: deny