Update roles/preflight/tasks/main.yml

roles/preflight/tasks/main.yml

@@ -89,3 +89,45 @@
   ansible.builtin.debug:
     msg: "INFO: This LXC was deployed via Proxmox helper script — built-in update script detected at /usr/bin/update. Ansible will manage updates instead."
   when: helper_script_marker.stat.exists
+
+
+# =============================================================================
+# OPNsense Specific Preflight Checks
+# =============================================================================
+
+- name: OPN | Verify Required Variables for OPNsense
+  ansible.builtin.assert:
+    that:
+      - ansible_host is defined
+      - firewall_api_port is defined
+    fail_msg: "Required OPNsense variables (ansible_host or firewall_api_port) are missing."
+  when: "'opnsense' in group_names"
+  tags: [preflight, vars]
+
+- name: OPN | Verify SSH Connectivity (Port {{ ansible_port | default(22) }})
+  ansible.builtin.wait_for:
+    host: "{{ ansible_host }}"
+    port: "{{ ansible_port | default(22) }}"
+    timeout: 5
+    msg: "SSH port is not reachable. Check firewall whitelisting."
+  when: "'opnsense' in group_names"
+  tags: [preflight, connection]
+
+- name: OPN | Verify API Connectivity (Port {{ firewall_api_port }})
+  ansible.builtin.wait_for:
+    host: "{{ ansible_host }}"
+    port: "{{ firewall_api_port }}"
+    timeout: 5
+    msg: "Web GUI/API port is not reachable. Check OPNsense settings."
+  when: "'opnsense' in group_names"
+  tags: [preflight, connection, api]
+
+- name: OPN | Verify httpx Library on Control Node
+  ansible.builtin.command: python3 -c "import httpx"
+  delegate_to: localhost
+  run_once: true
+  register: httpx_check
+  failed_when: httpx_check.rc != 0
+  changed_when: false
+  when: "'opnsense' in group_names"
+  tags: [preflight, dependencies]