From 8317bffa1cacb74340b0fd40a28c625dd00378b5 Mon Sep 17 00:00:00 2001
From: Simon Cornet
Date: Sun, 30 Nov 2025 16:18:45 +0100
Subject: [PATCH] fix: load role defaults properly
---
playbook.yaml | 4 ++++
tasks/firewall.yaml | 17 ++---------------
2 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/playbook.yaml b/playbook.yaml
index 8621495..397dc8f 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -6,6 +6,10 @@ serial: 2 become: true + # load role defaults + vars_files: + - "defaults/main.yaml" + # import handlers handlers: - import_tasks: "handlers/main.yaml"
diff --git a/tasks/firewall.yaml b/tasks/firewall.yaml
index 97e0bfb..b5dd07e 100644
--- a/tasks/firewall.yaml
+++ b/tasks/firewall.yaml
@@ -5,25 +5,12 @@ tags: "firewall" block: - # set debug vars - - name: "set debug vars" - ansible.builtin.set_fact: - firewall_host_rules: [] - # set vars - name: "set vars" ansible.builtin.set_fact: __firewall_enable: "{{ firewall_enable }}" __firewall_all_rules: "{{ firewall_basic_rules | union(firewall_host_rules)}}" - - name: "debug" - ansible.builtin.debug: - msg: "outside {{ firewall_enable }}" - - - name: "debug" - ansible.builtin.debug: - msg: "inside {{ __firewall_enable }}" - # manage firewall for debian - name: "firewall - debian family" when: "ansible_os_family == 'Debian'"
@@ -31,7 +18,7 @@ # remove and disable firewall - name: "remove and disable firewall" - when: '__firewall_enable == "false"' + when: "not __firewall_enable" block: # stop service
@@ -50,7 +37,7 @@ # install and enable firewall - name: "install and enable firewall" - when: '__firewall_enable == "true"' + when: "__firewall_enable" block: # install ufw
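Review bot: Loading `defaults/main.yaml` through `vars_files` in the `playbook.yaml` hunk gives its values play-level precedence, which ranks above inventory `group_vars`/`host_vars`, so they stop behaving as defaults. If any host or group sets `firewall_enable` or `firewall_host_rules` in inventory (not visible in this patch), the file's values would silently win and a host could end up with a different firewall state or rule set than its inventory declares. To keep them overridable, the file could live under `group_vars/all` instead, or each use could fall back explicitly, e.g. `{{ firewall_host_rules | default([]) }}`. At minimum the comment should state the effect: `# load role defaults (vars_files precedence: overrides inventory vars)`. The play mapping starts and ends outside the hunk.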
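Review bot: The new conditions `when: "not __firewall_enable"` (hunk `@@ -31,7 +18,7 @@`) and `when: "__firewall_enable"` (hunk `@@ -50,7 +37,7 @@`) assume the fact is a real boolean, but the `set vars` task copies `{{ firewall_enable }}` without coercing it. If the value ever arrives as a string, for instance from `-e firewall_enable=false` or an INI inventory, the outcome depends on the ansible-core version: the non-empty string may be treated as true or rejected as a non-boolean conditional, so the firewall state would not follow the operator's intent. Coercing once where the fact is set, `__firewall_enable: "{{ firewall_enable | bool }}"`, makes both branches decide on an explicit boolean. Both `block:` bodies continue outside their hunks.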