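# Copies the role's files/rc.conf to /etc/rc.conf.d/pf, owned by root:wheel
# and world-readable but writable only by root.
- name: Install service configuration
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    # Quoted so the mode is always handled as an octal string and never
    # depends on how the YAML loader types a bare 0644.
    mode: "0644"
  loop:
    - src: rc.conf
      dest: /etc/rc.conf.d/pf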

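# Installs the ruleset named by pf_config as /etc/pf.conf and notifies the
# "restart pf" handler when the file changes.
- name: Install PF configuration
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    # Quoted so the mode is always handled as an octal string and never
    # depends on how the YAML loader types a bare 0644.
    mode: "0644"
    # pfctl -n parses the staged copy without loading it; copy only moves the
    # file into place when validation succeeds, so a ruleset with syntax
    # errors never replaces the working /etc/pf.conf.
    validate: "pfctl -vnf %s"
  loop:
    - src: "{{ pf_config }}"
      dest: /etc/pf.conf
  notify: restart pf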

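# Read-only probe of the pf service state. The result is registered as
# is_pf_running; its consumers are not in this part of the file.
- name: Check if pf is running
  # command instead of shell: the probe needs no shell features, so nothing
  # here is ever interpreted by /bin/sh.
  ansible.builtin.command: service pf status
  register: is_pf_running
  # A status query changes nothing on the host; without this the task is
  # reported as "changed" on every run and hides real changes in the recap.
  changed_when: false
  # A non-zero rc still marks the result as failed (so `is failed` and `.rc`
  # keep working for whatever reads the register), but the play continues.
  failed_when: is_pf_running.rc != 0
  ignore_errors: true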

# Turns the pflog service on in its rc.conf.d fragment whenever at least one
# pflog instance is defined in pflog_conf.
- name: Enable pflog
  community.general.sysrc:
    path: /etc/rc.conf.d/pflog
    name: pflog_enable
    # Kept quoted: a bare YES would be loaded as a boolean, not the string
    # that rc.conf expects.
    value: "YES"
  when: pflog_conf | length > 0
  notify: restart pflog

# Turns the pflog service off in its rc.conf.d fragment when pflog_conf is
# empty, and asks the "stop pflog" handler to run.
- name: Disable pflog
  community.general.sysrc:
    path: /etc/rc.conf.d/pflog
    name: pflog_enable
    # Kept quoted: a bare NO would be loaded as a boolean, not the string
    # that rc.conf expects.
    value: "NO"
  when: pflog_conf | length == 0
  notify: stop pflog

# Writes the space-separated list of instance names from pflog_conf into
# pflog_instances.
- name: Set pflog instances
  community.general.sysrc:
    path: /etc/rc.conf.d/pflog
    name: pflog_instances
    # json_query needs the jmespath Python library on the control node.
    # NOTE(review): the names end up in a file under /etc/rc.conf.d, which the
    # rc framework sources with sh; pflog_conf is presumably trusted inventory
    # data. Confirm that, or restrict names to [A-Za-z0-9_].
    value: "{{ pflog_conf | community.general.json_query('[].name') | join(' ') }}"
  when: pflog_conf | length > 0
  notify: restart pflog

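# Drops the pflog_instances variable from the pflog rc.conf.d fragment when no
# instances are configured, mirroring the "Set pflog instances" task.
- name: Remove pflog instances
  community.general.sysrc:
    path: /etc/rc.conf.d/pflog
    # Was jail_list, a variable that no task in this file writes to this
    # fragment, so a stale pflog_instances list stayed behind after every
    # instance had been removed from pflog_conf.
    name: pflog_instances
    state: absent
  when: pflog_conf | length == 0
  notify: stop pflog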

# For every entry in pflog_conf, records which pflog device the instance
# uses as pflog_<name>_dev.
- name: Set pflog device names
  community.general.sysrc:
    path: /etc/rc.conf.d/pflog
    # item.name becomes part of an rc variable name, so it has to be a valid
    # sh identifier fragment (letters, digits, underscore).
    # NOTE(review): nothing visible here removes pflog_<name>_dev for an
    # instance that was later dropped from pflog_conf. Confirm whether stale
    # entries matter.
    name: "pflog_{{ item.name }}_dev"
    value: "{{ item.dev }}"
  loop: "{{ pflog_conf }}"
  notify: restart pflog

# For every entry in pflog_conf, records the instance's log file as
# pflog_<name>_logfile, defaulting to /var/log/<dev> when the entry has no
# logfile key.
- name: Set pflog logfile names
  community.general.sysrc:
    path: /etc/rc.conf.d/pflog
    # item.name becomes part of an rc variable name, so it has to be a valid
    # sh identifier fragment (letters, digits, underscore).
    name: "pflog_{{ item.name }}_logfile"
    # NOTE(review): the path is taken from pflog_conf as given; presumably
    # the pflog service writes to it. Confirm entries only point at intended
    # log locations.
    value: "{{ item.logfile | default('/var/log/' + item.dev) }}"
  loop: "{{ pflog_conf }}"
  notify: restart pflog