authorRomain Gonçalves <me@rgoncalves.se>2022-12-17 21:59:58 +0100
committerRomain Gonçalves <me@rgoncalves.se>2022-12-21 17:19:46 +0100
commit8ce56f15e0751870b56805010241dcfe8389b10f (patch)
tree5cb2c136ea8d829c93810d908e63501ff79afd6e /roles/pf
parent783cfa8469c7922f787305e15e95c0619479744b (diff)
downloadrules-8ce56f15e0751870b56805010241dcfe8389b10f.tar.gz
refactor: remove global __services from roles
Diffstat (limited to 'roles/pf')
-rw-r--r--roles/pf/defaults/main.yml8
-rw-r--r--roles/pf/templates/pf.conf.j25
2 files changed, 11 insertions, 2 deletions
diff --git a/roles/pf/defaults/main.yml b/roles/pf/defaults/main.yml
index edba159..29a53f8 100644
--- a/roles/pf/defaults/main.yml
+++ b/roles/pf/defaults/main.yml
@@ -1,5 +1,13 @@
---
+pf_rules: null
+# name: ...
+# protocol: ...
+# port: ...
+# name: ...
+# protocol: ...
+# port: ...
+
pf_configuration_file: /etc/pf.conf
pf_test_ports:
- "{{ ansible_port }}"
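Review bot: The new default `pf_rules: null` does not match how the template in this same commit consumes it. `pf.conf.j2` calls `pf_rules.items()`, which is expected to raise on a null value, so a host that defines no rules would fail to render pf.conf instead of getting an empty "host services" section. Defaulting to an empty mapping, `pf_rules: {}`, keeps the loop a no-op. The commented example also reads as flat `name:`/`protocol:`/`port:` keys, while the template iterates a mapping of rule name to `protocol`/`port`. The nesting may simply have been lost in this view, but a comment such as `# ssh: {protocol: tcp, port: 22}` (constructed example) would show the expected shape.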
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2
index 1b51fe7..e60b4a6 100644
--- a/roles/pf/templates/pf.conf.j2
+++ b/roles/pf/templates/pf.conf.j2
@@ -11,8 +11,9 @@ block all
pass in quick on egress proto tcp to port {{ ansible_port }}
# host services
-{% for service in __services %}
-pass in quick on egress proto {{ service["protocol"] }} to port {{ service["port"] }}
+{% for name, rules in pf_rules.items() %}
+# {{ name }}
+pass in quick on egress proto {{ rules.protocol }} to port {{ rules.port }}
{% endfor %}
# wireguard
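Review bot: `{{ name }}`, `{{ rules.protocol }}` and `{{ rules.port }}` are written into the ruleset unchanged, so a key or value containing a newline or extra tokens becomes additional pf syntax next to a `pass in quick` rule rather than staying a comment or a port. The values presumably come from trusted inventory, but since this file is the host firewall it is worth constraining them before templating. An `assert` task could check that `protocol` is one of the expected protocols and `port` is a number or port range, and the comment line could be flattened with `# {{ name | replace('\n', ' ') }}`. Whether the role validates the rendered file before installing it (for example a `validate:` on the template task) is not visible in this diff.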