c9e2ff930c
- Replace 'ufw disable && ufw --force enable' single-shot handler with a block that dry-runs the ruleset, disables, re-enables, then verifies ufw is active. No '&&' short-circuit, so failures are loud instead of leaving the host firewall-less.
- Rename handler to 'Restart ufw (ip-forwarding settings changed)' to reflect that this is a full restart (required to pick up /etc/default/ufw and /etc/ufw/before.rules changes per ufw(8)).
- Add NAT/masquerade tasks: enable ipv4 forwarding, set DEFAULT_FORWARD_POLICY=ACCEPT, and write a per-interface *nat block in /etc/ufw/before.rules.
- Declare requires_ansible >=2.15 in meta/runtime.yml (handler uses block:, supported since 2.12; 2.15 is a safe modern floor).
- README: document Ansible version requirement, port reservation rules, and Immich pgvector Q&A.
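The restart sequence the commit message describes, written out as a POSIX shell function so each step fails on its own. This is an added example, not the role's handler (which is not shown on this page); the `UFW` override variable, the return codes, and the exact `--dry-run --force enable` invocation are assumptions.

```shell
#!/bin/sh
# Added example (not the role's code). UFW may be pointed at a stub for testing;
# that override and the return codes below are assumptions of this sketch.
UFW="${UFW:-ufw}"

# Restart ufw step by step. Every step is checked on its own, so a failure
# after "disable" is reported instead of silently leaving the host open.
# Return codes: 0 ok, 10 dry-run, 11 disable, 12 enable, 13 verification.
restart_ufw() {
    # 1. Dry-run first: a broken ruleset is caught while the firewall is still up.
    if ! "$UFW" --dry-run --force enable >/dev/null 2>&1; then
        echo "ufw dry-run failed; firewall left untouched" >&2
        return 10
    fi

    # 2. Disable. If this fails, the old ruleset is still loaded.
    if ! "$UFW" disable >/dev/null; then
        echo "ufw disable failed; firewall state unchanged" >&2
        return 11
    fi

    # 3. Re-enable. This is the dangerous window: a failure here means
    #    the host currently has no firewall, so say so explicitly.
    if ! "$UFW" --force enable >/dev/null; then
        echo "ufw enable failed: firewall is DOWN" >&2
        return 12
    fi

    # 4. Verify. An exit status of 0 from "enable" is not trusted on its own.
    if ! "$UFW" status | grep -q '^Status: active'; then
        echo "ufw reports it is not active after restart" >&2
        return 13
    fi
    return 0
}
```

Run `restart_ufw` as root and act on its return code; anything from 12 upward means the host needs attention before the play continues.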
net-config
This role configures a network interface.
Requirements
None
Example Playbook
- hosts: servers
  roles:
    - role: net-config
      interface:
        name: lan0
        mac_address: 02:a0:c9:8d:7e:b6
        address: 192.168.1.2/24
        gateway: 192.168.1.254
        nameservers:
          - 1.1.1.1
          - 8.8.8.8
License
MIT
Author Information
Jokester main@jokester.fr