---
- hosts: chloe-jump
  gather_facts: true
  become: true

  roles:
    - dnf-automatic
    - statusservices

  vars_files:
    - "{{ inventory_dir }}/vars/vault.yaml"

  vars:
    dnf_update_time: 'mon 03:30'

    status_services_extra:
      - tailscaled


  post_tasks:
    - name: Enable IPv4 Forwarding in kernel
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: "1"


    - name: Enable IPv6 Forwarding in kernel
      ansible.posix.sysctl:
        name: net.ipv6.conf.all.forwarding
        value: "1"


    # https://github.com/tailscale/tailscale/issues/3416
    - name: Enable IP Masquerading in firewalld
      ansible.posix.firewalld:
        masquerade: true
        permanent: true
        state: enabled