boma/roles/base/molecule/default/converge.yml
sjat bca74458fb fix(base): iifname for load-time safety; zone-source molecule fixture
nft -c rejects iif "wt0" when the interface is absent (container, or any host
before NetBird); iifname matches by name and is robust to wt0 coming/going.
Drop the ansible_host fixture override (the docker connection uses it as the
container name) — molecule covers zone resolution, pytest covers service->IP.
2026-06-06 19:02:50 +02:00

22 lines
469 B
YAML

---
- name: Converge
hosts: all
become: true
gather_facts: true
vars:
base__firewall_apply: false
firewall_zones:
lan: 10.30.0.0/24
srv: 10.20.0.0/24
mgmt: 10.10.0.0/24
firewall_catalog:
reverse_proxy:
host: instance
ingress:
- { from: lan, port: 443, proto: tcp }
photoprism:
host: instance
ingress:
- { from: srv, port: 2342, proto: tcp }
roles:
- role: base