From de3373e97d133e0ac76fb44deb5dea27c18d8815 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Sat, 11 Dec 2021 18:50:33 +0000
Subject: roles: Add pf and relayd roles for domain controller

---
 roles/pf/tasks/main.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 roles/pf/tasks/main.yml

(limited to 'roles/pf/tasks')

diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
new file mode 100644
index 0000000..4fafb77
--- /dev/null
+++ b/roles/pf/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: generate pf configuration
+  template:
+    src: pf.conf.j2
+    dest: "{{ pf_configuration_file }}"
+    owner: 0
+    group: 0
+    mode: 0600
+  notify:
+    - lint pf configuration
+
+- name: enable pf
+  command: pfctl -e
+  register: result
+  failed_when:
+    - result.rc != 0
+    - "'already enabled' not in result.stderr"
+
+- name: restart pf
+  command: pfctl -f "{{ pf_configuration_file }}"
+
+- name: test ssh connection on new pf rule
+  wait_for:
+    port: 22
+    delay: 2
+    state: started
-- 
cgit v1.2.3