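# Render the pf ruleset, enable the packet filter, load the ruleset, and then
# check that sshd is still listening.

- name: generate pf configuration
  template:
    src: pf.conf.j2
    dest: "{{ pf_configuration_file }}"
    owner: 0
    group: 0
    # Quoted so Ansible receives the string "0600" and does its own octal
    # conversion, instead of relying on how the YAML parser types a bare 0600.
    mode: "0600"
    # Parse-only check (pfctl -n loads nothing) against the rendered temp file;
    # a ruleset that does not parse is never copied to the destination.
    validate: pfctl -nf %s
  notify:
    - lint pf configuration

- name: enable pf
  command: pfctl -e
  register: result
  # pfctl -e exits non-zero when pf is already running; tolerate that one case.
  # The list entries are ANDed: fail only on a non-zero rc whose stderr does
  # not say 'already enabled'.
  failed_when:
    - result.rc != 0
    - "'already enabled' not in result.stderr"
  # Report a change only when this run actually switched pf on.
  changed_when: result.rc == 0

# Despite the name, this loads the ruleset from the file rather than
# restarting pf. The command module always reports "changed" here.
- name: restart pf
  command: pfctl -f "{{ pf_configuration_file }}"

# With no `host` set, wait_for probes its default host (127.0.0.1) from the
# managed node. This confirms sshd is listening locally; it does not show that
# the new ruleset still admits SSH from the control machine.
# NOTE(review): consider a check made from the controller if lock-out
# detection is the goal.
- name: test ssh connection on new pf rule
  wait_for:
    port: 22
    delay: 2
    state: started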