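# pf ~~ tasks/main.yml
---
# Installs the pf ruleset, enables the packet filter, loads the rules,
# and schedules a periodic reload from cron.

- name: Generate pf configuration
  template:
    src: templates/pf.conf.j2
    dest: /etc/pf.conf
    owner: root
    group: "{{ group_root }}"
    mode: "0600"
    # Parse the rendered file with pfctl (-n: do not load) before it
    # replaces /etc/pf.conf, so a template error cannot install a ruleset
    # that the later load and the cron reload would then fail on.
    validate: /sbin/pfctl -nf %s

- name: Enable pf
  # command instead of shell: no shell features are used here.
  command: /sbin/pfctl -e
  register: pf_enable
  changed_when: pf_enable.rc == 0
  # pfctl -e exits non-zero when pf is already running; tolerate only that
  # case rather than ignoring every error, so a host where the firewall
  # could not be enabled is reported instead of silently left unfiltered.
  failed_when:
    - pf_enable.rc != 0
    - "'already enabled' not in pf_enable.stderr"

- name: Restart pf
  command: /sbin/pfctl -f /etc/pf.conf

- name: Test ssh connection on new pf rule
  # NOTE(review): wait_for runs on the managed host and, with no host
  # given, checks the local address, so this confirms sshd is listening
  # but presumably not that the new rules admit remote ssh; confirm
  # whether a check from the controller is wanted.
  wait_for:
    port: 22
    delay: 2
    state: started

- name: Add cron job for pf
  cron:
    cron_file: /etc/crontab
    name: "Reload pf configuration"
    user: root
    # Redirect to /dev/null; the earlier "/dev/nul" spelling made root
    # write a regular file under /dev on every run.
    job: "/sbin/pfctl -f /etc/pf.conf > /dev/null 2>&1"
    minute: "*"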