From 69cce6c0e065425ea2c6e7546960f9b5c7cdc674 Mon Sep 17 00:00:00 2001
From: "Ben D."
Date: Thu, 23 Apr 2026 18:39:44 -0700
Subject: [PATCH] Update roles/preflight/tasks/main.yml
---
 roles/preflight/tasks/main.yml | 42 ++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
diff --git a/roles/preflight/tasks/main.yml b/roles/preflight/tasks/main.yml
index 53c62f9..8279743 100644
--- a/roles/preflight/tasks/main.yml
+++ b/roles/preflight/tasks/main.yml
@@ -89,3 +89,45 @@
 ansible.builtin.debug:
 msg: "INFO: This LXC was deployed via Proxmox helper script — built-in update script detected at /usr/bin/update. Ansible will manage updates instead."
 when: helper_script_marker.stat.exists
+
+
+# =============================================================================
+# OPNsense Specific Preflight Checks
+# =============================================================================
+
+- name: OPN | Verify Required Variables for OPNsense
+ ansible.builtin.assert:
+ that:
+ - ansible_host is defined
+ - firewall_api_port is defined
+ fail_msg: "Required OPNsense variables (ansible_host or firewall_api_port) are missing."
+ when: "'opnsense' in group_names"
+ tags: [preflight, vars]
+
+- name: OPN | Verify SSH Connectivity (Port {{ ansible_port | default(22) }})
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ ansible_port | default(22) }}"
+ timeout: 5
+ msg: "SSH port is not reachable. Check firewall whitelisting."
+ when: "'opnsense' in group_names"
+ tags: [preflight, connection]
+
+- name: OPN | Verify API Connectivity (Port {{ firewall_api_port }})
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ firewall_api_port }}"
+ timeout: 5
+ msg: "Web GUI/API port is not reachable. Check OPNsense settings."
+ when: "'opnsense' in group_names"
+ tags: [preflight, connection, api]
+
+- name: OPN | Verify httpx Library on Control Node
+ ansible.builtin.command: python3 -c "import httpx"
+ delegate_to: localhost
+ run_once: true
+ register: httpx_check
+ failed_when: httpx_check.rc != 0
+ changed_when: false
+ when: "'opnsense' in group_names"
+ tags: [preflight, dependencies]
\ No newline at end of file
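Review bot: Neither `wait_for` task (SSH and API connectivity) sets `delegate_to: localhost`, so unless the play uses a local connection (not visible in this hunk) the module runs on the OPNsense host and probes `ansible_host` from the firewall itself. The SSH check can then only run once SSH already works, an unreachable host shows up as a generic UNREACHABLE error instead of the custom `msg`, and the API check says nothing about whether the firewall's management access rules admit the control node. Adding `delegate_to: localhost` to both tasks makes them test the path the later API calls will actually take. Separately, the httpx task runs whichever `python3` is first on PATH, which may not be the interpreter running Ansible; `"{{ ansible_playbook_python }}" -c "import httpx"` checks the right one. Because `run_once` evaluates `when` against the first host in the batch, that check is also skipped entirely if the first host is not in `opnsense`.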