boma/roles/base/tasks
sjat b006196cc5 fix(base): confirm firewall apply over a FRESH connection
established/related keeps the in-flight session alive across the swap, so the
prior 'next task runs' confirm always passed even if new connections were
bricked — the rollback was theater. reset_connection + wait_for_connection now
force a fresh handshake through the new ruleset; failure aborts the play and the
armed timer reverts. (meta: reset_connection ignores 'when' — benign extra
reconnect on no-op runs; verified idempotent in molecule.)
2026-06-06 19:06:39 +02:00
..
firewall.yml fix(base): confirm firewall apply over a FRESH connection 2026-06-06 19:06:39 +02:00
main.yml feat(base): render nftables ruleset from catalog (+ molecule fixture) 2026-06-06 18:57:44 +02:00