---
- name: Copy pf.conf
  ansible.builtin.copy:
    src: "{{ firewall_src }}"
    dest: /etc/pf.conf
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
    validate: pfctl -N -f %s
  notify: Reload pf
  when: firewall_src is defined

- name: Create pf.conf from template
  ansible.builtin.template:
    src: pf.conf.j2
    dest: /etc/pf.conf
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
    validate: pfctl -N -f %s
  notify: Reload pf
  when: firewall_src is not defined