feat(roles/pf): add argument specs

1 files changed, 22 insertions, 5 deletions

diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index 8e81e1c..4fba69e 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -7,14 +7,31 @@
     owner: 0
     group: 0
     mode: "0600"
-  notify:
-    - lint pf configuration
-    - enable pf
-    - restart pf
+  register: pf_result_generate_configuration
+
+- name: lint pf configuration  # noqa: no-handler
+  ansible.builtin.command: "pfctl -nf {{ pf_configuration_file }}"
+  register: pf_result_lint_configuration
+  changed_when:
+    - pf_result_generate_configuration.changed
+    - pf_result_lint_configuration.rc != 0
+
+- name: restart pf  # noqa: no-handler
+  ansible.builtin.command: pfctl -f "{{ pf_configuration_file }}"
+  when: pf_result_generate_configuration.changed
 
 - name: test pf rules
   ansible.builtin.wait_for:
     port: "{{ item }}"
-    delay: 2
+    delay: "{{ pf_test_delay }}"
     state: started
   loop: "{{ pf_test_ports }}"
+
+- name: enable pf
+  ansible.builtin.command: pfctl -e
+  register: pf_result_enable
+  changed_when:
+    - "'already enabled' not in pf_result_enable.stderr"
+  failed_when:
+    - pf_result_enable.rc != 0
+    - "'already enabled' not in pf_result_enable.stderr"