containers, synapse: groups -> group_names

wireguard: prevent ufw from screwing up config
2024-06-19 14:05:35 -04:00 · 2024-06-19 14:04:51 -04:00
3 changed files with 12 additions and 5 deletions
--- a/roles/containers/tasks/main.yml
+++ b/roles/containers/tasks/main.yml
@ -15,7 +15,7 @@
  user:
    name: gitea
  register: user_gitea
-  when: '"gitea" in groups'
+  when: '"gitea" in group_names'

 - name: Create Syncthing group
  group:
@ -27,7 +27,7 @@
    name: syncthing
    group: vault
  register: user_syncthing
-  when: '"syncthing" in groups'
+  when: '"syncthing" in group_names'

 - name: Create Syncthing vault directories
  file:
@ -95,7 +95,7 @@
  user:
    name: navidrome
  register: user_navidrome
-  when: '"navidrome" in groups'
+  when: '"navidrome" in group_names'

 - name: Create Navidrome directory
  file:
@ -124,7 +124,7 @@
  user:
    name: synapse
  register: user_synapse
-  when: '"synapse" in groups'
+  when: '"synapse" in group_names'

 - name: Figure out local IP address
  set_fact:
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@ -3,7 +3,7 @@
 - name: Create Synapse user
  user:
    name: synapse
-  when: '"synapse" in groups'
+  when: '"synapse" in group_names'

 - name: Create Synapse directories
  file:
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@ -17,6 +17,13 @@
    reload: yes
  when: '"bastion" in group_names'

+- name: Prevent UFW from removing IP forwarding
+  lineinfile:
+    path: /etc/ufw/sysctl.conf
+    regexp: "^net/ipv4/ip_forward="
+    line: "net/ipv4/ip_forward=1"
+  when: '"bastion" in group_names'
+
 - name: Setup UFW rules to accept VPN traffic
  community.general.ufw:
    rule: allow
Author	SHA1	Message	Date
dogeystamp	03d59be0eb	containers, synapse: groups -> group_names	2024-06-19 14:05:35 -04:00
dogeystamp	0f5d50ee44	wireguard: prevent ufw from screwing up config	2024-06-19 14:04:51 -04:00