From b8f08d5aafb0c4d6d514c28304f501dd043faace Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 17 Jun 2025 20:40:23 +0000
Subject: [PATCH] pf: Use templates for static firewall configs
---
 group_vars/dnagw.yml | 2 +-
 group_vars/fsolgw.yml | 2 +-
 roles/pf/tasks/main.yml | 2 +-
 roles/pf/{files/pf.conf.gw_home => templates/pf.conf.gw_dna.j2} | 0
 .../pf/{files/pf.conf.gw_fsol => templates/pf.conf.gw_fsol.j2} | 0
 5 files changed, 3 insertions(+), 3 deletions(-)
 rename roles/pf/{files/pf.conf.gw_home => templates/pf.conf.gw_dna.j2} (100%)
 rename roles/pf/{files/pf.conf.gw_fsol => templates/pf.conf.gw_fsol.j2} (100%)
diff --git a/group_vars/dnagw.yml b/group_vars/dnagw.yml
index d6f1446..36e764b 100644
--- a/group_vars/dnagw.yml
+++ b/group_vars/dnagw.yml
@@ -45,7 +45,7 @@ unbound_zones:
 - home.foo.sh
 # use custom firewall config
-firewall_src: pf.conf.gw_home.j2
+firewall_src: pf.conf.gw_dna.j2
 # unbound config
 unbound_config: unbound.conf.dna.j2
diff --git a/group_vars/fsolgw.yml b/group_vars/fsolgw.yml
index 6012a52..7022257 100644
--- a/group_vars/fsolgw.yml
+++ b/group_vars/fsolgw.yml
@@ -9,5 +9,5 @@ network_vip_interfaces:
 pass: "{{ vip145_pass }}"
 # use custom firewall and ifstated config
-firewall_src: pf.conf.gw_fsol
+firewall_src: pf.conf.gw_fsol.j2
 ifstated_config: ifstated-fsol.conf
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index 588dac6..1b40203 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Copy pf.conf
- ansible.builtin.copy:
+ ansible.builtin.template:
 src: "{{ firewall_src }}"
 dest: /etc/pf.conf
 mode: "0600"
diff --git a/roles/pf/files/pf.conf.gw_home b/roles/pf/templates/pf.conf.gw_dna.j2
similarity index 100%
rename from roles/pf/files/pf.conf.gw_home
rename to roles/pf/templates/pf.conf.gw_dna.j2
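Review bot: The task in roles/pf/tasks/main.yml now renders /etc/pf.conf through Jinja2, but the visible lines carry no `validate:` step, so a template that renders to an invalid ruleset would be written over the working config and only fail when pf next loads it. If the part of the task outside this hunk does not already have one, add `validate: pfctl -nf %s` so the rendered file is parsed before it replaces the old one. The two renamed files are 100% unchanged, so it is worth checking that neither contains a literal `{{`, `{%` or `{#` that Jinja2 would now interpret. The task name `Copy pf.conf` could also become `Template pf.conf` to match the module. The task body may continue past the last line of the hunk.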
diff --git a/roles/pf/files/pf.conf.gw_fsol b/roles/pf/templates/pf.conf.gw_fsol.j2
similarity index 100%
rename from roles/pf/files/pf.conf.gw_fsol
rename to roles/pf/templates/pf.conf.gw_fsol.j2