From faa50f9b36236a15e49f55506979f8bced3695ce Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau <mineau.jean.marie@gmail.com>
Date: Fri, 23 Apr 2021 00:44:49 +0200
Subject: [PATCH] fix condition

---
 roles/networking/tasks/main.yml | 18 ++++++++++++++++--
 roles/vpn/handlers/main.yml     |  1 +
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml
index 903ae9d..a15482a 100644
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@@ -4,11 +4,25 @@
     name: net.ipv4.ip_forward
     value: '1'
     sysctl_set: true
-  when: "{{ ipv4_forwarding }}"
+  when: ipv4_forwarding
 
 - name: Enable ipv6 forwarding
   ansible.posix.sysctl:
     name: net.ipv6.conf.all.forwarding
     value: '1'
     sysctl_set: true
-  when: "{{ ipv6_forwarding }}"
+  when: ipv6_forwarding
+
+- name: Disable ipv4 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: '0'
+    sysctl_set: true
+  when: not ipv4_forwarding
+
+- name: Disable ipv6 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: '0'
+    sysctl_set: true
+  when: not ipv6_forwarding
diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml
index 8e081c2..0b973f9 100644
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@@ -1,4 +1,5 @@
 ---
+# This is so uggly
 - name: Reload wireguard for interface
   systemd:
     name: "wg-quick@{{ item }}"