boma/roles/base/tasks
sjat 402913efb3 fix(base): make rollback snapshot restorable (flush-prefixed)
Bare 'nft list ruleset' has no leading flush, so the timer's 'nft -f rollback'
was a no-op on first apply (empty file) and errored ('table exists') on later
applies — the auto-rollback silently did nothing, defeating the askari lockout
safeguard. Prepend 'flush ruleset' so the revert is atomic + self-contained.
Verified the snapshot->lockout->revert round-trip in an isolated netns.
Also fix stale STATUS prose (base is partially built, not absent).
2026-06-06 19:15:38 +02:00
firewall.yml fix(base): make rollback snapshot restorable (flush-prefixed) 2026-06-06 19:15:38 +02:00
main.yml feat(base): render nftables ruleset from catalog (+ molecule fixture) 2026-06-06 18:57:44 +02:00