refactor: Explicitly set permanent firewall configuration

When neither `permanent` nor `runtime` is set, the firewall role
normally defaults to `runtime` only. Inexplicably it seems to set the
permanent configuration as well, but let's not rely on this and instead
make this explicit.

Author: martinpitt

tasks/firewall.yml

@@ -6,9 +6,12 @@
   vars:
     _cockpit_port: "{{ cockpit_port if cockpit_port is not none else 9090 }}"
     _cockpit_port_proto: "{{ _cockpit_port }}/tcp"
-    firewall: "{{ [{'service': 'cockpit', 'state': 'enabled'}]
-                  if (_cockpit_port | int) == 9090 else
-                  [{'port': _cockpit_port_proto, 'state': 'enabled'}] }}"
+    firewall:
+        permanent: true
+        runtime: true
+        state: enabled
+        service: "{{ 'cockpit' if (_cockpit_port | int) == 9090 else omit }}"
+        port: "{{ _cockpit_port_proto if (_cockpit_port | int) != 9090 else omit }}"
   when:
     - cockpit_manage_firewall | bool
     - ansible_facts['os_family'] == 'RedHat' or ansible_facts['os_family'] == 'Suse'