hotfix: permission and fatal error

Author: AEP20

ansible/roles/dashboard/tasks/main.yml

@@ -49,6 +49,8 @@
     creates: "{{ dashboard_venv_dir }}/bin/activate"
   become: true
   become_user: "{{ aegis_system_user }}"
+  environment:
+    HOME: "{{ dashboard_app_dir }}"
 
 
 - name: Ensure venv ownership is correct
@@ -67,6 +69,8 @@
     virtualenv: "{{ dashboard_venv_dir }}"
   become: true
   become_user: "{{ aegis_system_user }}"
+  environment:
+    HOME: "{{ dashboard_app_dir }}"
 
 
 - name: Allow control-plane to run system commands without password

ansible/roles/dns/templates/unbound.conf.j2

@@ -4,6 +4,15 @@ server:
     interface: {{ dns_listen_address }}
     port: {{ dns_listen_port }}
 
+    # Network protocols (disable IPv6 if disabled in kernel to prevent crash)
+    do-ip4: yes
+    do-ip6: {{ 'yes' if wg_enable_ipv6 else 'no' }}
+    do-udp: yes
+    do-tcp: yes
+
+    # Ubuntu default trust anchor for DNSSEC
+    auto-trust-anchor-file: "/var/lib/unbound/root.key"
+
     access-control: {{ dns_allowed_subnet }} allow
 
     verbosity: 0

ansible/roles/wireguard/tasks/main.yml

@@ -22,6 +22,15 @@
     reload: yes
   become: true
 
+- name: Allow services to bind to non-local IPs (prevents Unbound crash on VPN restart)
+  sysctl:
+    name: net.ipv4.ip_nonlocal_bind
+    value: "1"
+    sysctl_set: yes
+    state: present
+    reload: yes
+  become: true
+
 - name: Show detected default interface
   debug:
     var: ansible_facts["default_ipv4"]["interface"]