author | Romain Gonçalves <me@rgoncalves.se> | 2024-02-08 13:32:37 +0100 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2024-02-08 13:33:36 +0100 |
commit | adfb09b9e19f7a31632eab01171693cb81ec75ef (patch) | |
tree | 7b05135581ff49e7a5655ab07af7bba2ada43585 /roles/pf | |
parent | 5c5b0fbf68dca224b7f92f5de0913fd684e7d3d9 (diff) | |
download | rules-adfb09b9e19f7a31632eab01171693cb81ec75ef.tar.gz |
refactor(roles): new variable naming standard
Diffstat (limited to 'roles/pf')
-rw-r--r-- | roles/pf/defaults/main.yml | 8 | ||||
-rw-r--r-- | roles/pf/meta/main.yml | 8 | ||||
-rw-r--r-- | roles/pf/tasks/main.yml | 28 | ||||
-rw-r--r-- | roles/pf/templates/pf.conf.j2 | 2 |
4 files changed, 23 insertions, 23 deletions
diff --git a/roles/pf/defaults/main.yml b/roles/pf/defaults/main.yml
index 90b4c7e..7e8ac41 100644
--- a/roles/pf/defaults/main.yml
+++ b/roles/pf/defaults/main.yml
@@ -1,8 +1,8 @@ --- -pf_rules: null +pf__rules: null -pf_configuration_file: /etc/pf.conf -pf_test_delay: 2 -pf_test_ports: +pf__configuration_file: /etc/pf.conf +pf__test_delay: 2 +pf__test_ports: - "{{ ansible_port }}"
diff --git a/roles/pf/meta/main.yml b/roles/pf/meta/main.yml
index 8a6aa88..9c02951 100644
--- a/roles/pf/meta/main.yml
+++ b/roles/pf/meta/main.yml
@@ -5,7 +5,7 @@ argument_specs: short_description: pf main entrypoint. options: - pf_rules: + pf__rules: type: list elements: dict required: true
@@ -25,17 +25,17 @@ argument_specs: required: true description: Port to be configured - pf_configuration_file: + pf__configuration_file: type: path required: true description: Pf configuration file - pf_test_delay: + pf__test_delay: type: int required: true description: Pf test delay - pf_test_ports: + pf__test_ports: type: list element: int required: true
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index 4fba69e..9737315 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
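Review bot: In roles/pf/meta/main.yml the `pf__test_ports` option declares `element: int`, while `pf__rules` in the first hunk uses `elements: dict`; the singular key looks like a typo, so the integer type of each port is probably not being enforced. Since the rename already touches this option, I would change the line to `elements: int`. Separately, defaults/main.yml keeps `pf__rules: null` although the spec marks it as a required list, so it is worth confirming that an unset value fails validation rather than reaching the template. The `options` block starts and ends outside the second hunk.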
@@ -3,35 +3,35 @@ - name: generate pf configuration ansible.builtin.template: src: pf.conf.j2 - dest: "{{ pf_configuration_file }}" + dest: "{{ pf__configuration_file }}" owner: 0 group: 0 mode: "0600" - register: pf_result_generate_configuration + register: pf__result_generate_configuration - name: lint pf configuration # noqa: no-handler - ansible.builtin.command: "pfctl -nf {{ pf_configuration_file }}" - register: pf_result_lint_configuration + ansible.builtin.command: "pfctl -nf {{ pf__configuration_file }}" + register: pf__result_lint_configuration changed_when: - - pf_result_generate_configuration.changed - - pf_result_lint_configuration.rc != 0 + - pf__result_generate_configuration.changed + - pf__result_lint_configuration.rc != 0 - name: restart pf # noqa: no-handler - ansible.builtin.command: pfctl -f "{{ pf_configuration_file }}" - when: pf_result_generate_configuration.changed + ansible.builtin.command: pfctl -f "{{ pf__configuration_file }}" + when: pf__result_generate_configuration.changed - name: test pf rules ansible.builtin.wait_for: port: "{{ item }}" - delay: "{{ pf_test_delay }}" + delay: "{{ pf__test_delay }}" state: started - loop: "{{ pf_test_ports }}" + loop: "{{ pf__test_ports }}" - name: enable pf ansible.builtin.command: pfctl -e - register: pf_result_enable + register: pf__result_enable changed_when: - - "'already enabled' not in pf_result_enable.stderr" + - "'already enabled' not in pf__result_enable.stderr" failed_when: - - pf_result_enable.rc != 0 - - "'already enabled' not in pf_result_enable.stderr" + - pf__result_enable.rc != 0 + - "'already enabled' not in pf__result_enable.stderr"
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2
index 193c9d2..2f159b4 100644
--- a/roles/pf/templates/pf.conf.j2
+++ b/roles/pf/templates/pf.conf.j2
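Review bot: In roles/pf/tasks/main.yml the `generate pf configuration` task writes the rendered file straight to `{{ pf__configuration_file }}` and only lints it in the following task, so a ruleset that fails `pfctl -nf` is already sitting at the live path when the play stops. Adding `validate: pfctl -nf %s` to the `ansible.builtin.template` task would check the rendered file before it replaces the destination, and would make the separate lint task redundant. In that lint task, `changed_when` combines `.changed` with `rc != 0`, but a non-zero return code already fails the command, so `changed_when: false` would state the intent more plainly. The `test pf rules` probe runs after `pfctl -f` with no rollback step visible in this hunk, which is worth a comment for whoever operates the role remotely.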
@@ -11,7 +11,7 @@ block all pass in quick on egress proto tcp to port {{ ansible_port }} # host services -{% for rule in pf_rules %} +{% for rule in pf__rules %} # {{ rule.name }} pass in quick on egress proto {{ rule.protocol }} to port {{ rule.port }} {% endfor %} |
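Review bot: `rule.name`, `rule.protocol` and `rule.port` are rendered into pf.conf verbatim in the loop body (unchanged context around the renamed `for` line), so a value containing a line break or extra tokens changes the ruleset beyond the single `pass in` line intended. I would constrain the fields in `argument_specs`, for example `choices` for the protocol and `type: int` for the port; the visible hunks do not show how they are typed today. For the comment line, stripping line breaks is enough, e.g. `# {{ rule.name | regex_replace('[\r\n]+', ' ') }}`. The top of the template lies outside this hunk.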