---

- name: generate pf configuration
  ansible.builtin.template:
    src: pf.conf.j2
    dest: "{{ pf_configuration_file }}"
    owner: 0
    group: 0
    mode: "0600"
  register: pf_result_generate_configuration

- name: lint pf configuration  # noqa: no-handler
  ansible.builtin.command: "pfctl -nf {{ pf_configuration_file }}"
  register: pf_result_lint_configuration
  changed_when:
    - pf_result_generate_configuration.changed
    - pf_result_lint_configuration.rc != 0

- name: restart pf  # noqa: no-handler
  ansible.builtin.command: pfctl -f "{{ pf_configuration_file }}"
  when: pf_result_generate_configuration.changed

- name: test pf rules
  ansible.builtin.wait_for:
    port: "{{ item }}"
    delay: "{{ pf_test_delay }}"
    state: started
  loop: "{{ pf_test_ports }}"

- name: enable pf
  ansible.builtin.command: pfctl -e
  register: pf_result_enable
  changed_when:
    - "'already enabled' not in pf_result_enable.stderr"
  failed_when:
    - pf_result_enable.rc != 0
    - "'already enabled' not in pf_result_enable.stderr"