diff --git a/ansible/group_vars/all/nebula.yml b/ansible/group_vars/all/nebula.yml index acea341..49f5306 100644 --- a/ansible/group_vars/all/nebula.yml +++ b/ansible/group_vars/all/nebula.yml @@ -1,5 +1,5 @@ nebula: - subnet: 10.23.2.0/24 + cidr: 10.23.2.0/24 clients: casey: ip: 10.23.2.1 diff --git a/ansible/group_vars/all/pve.yml b/ansible/group_vars/all/pve.yml new file mode 100644 index 0000000..5e6a8db --- /dev/null +++ b/ansible/group_vars/all/pve.yml @@ -0,0 +1,13 @@ +pve_hosts: + internal_cidr: 10.23.1.0/24 + ingress: + ip: 192.168.2.201 + internal_ip: 10.23.1.88 + jellyfin: + ip: 192.168.2.46 + internal_ip: 10.23.1.29 + pve_docker: + ip: 192.168.2.47 + internal_ip: 10.23.1.7 + homeassistant: + ip: 192.168.2.41 diff --git a/ansible/host_vars/pve-docker.yml b/ansible/host_vars/pve-docker.yml index 86bd388..c12b6c7 100644 --- a/ansible/host_vars/pve-docker.yml +++ b/ansible/host_vars/pve-docker.yml @@ -1,9 +1,7 @@ expose_ssh: true -private_ip: "{{ ansible_default_ipv4.address }}" -protected_ip: 192.168.2.47 - -traefik_proxy_protocol_trusted_ips: 10.23.0.0/16 +private_ip: "{{ pve_hosts.pve_docker.ip }}" +protected_ip: "{{ pve_hosts.pve_docker.internal_ip }}" traefik_provider_jellyfin: true traefik_provider_homeassistant: true diff --git a/ansible/roles/nebula/files/nebula.yml b/ansible/roles/nebula/files/nebula.yml index 74e06c5..b766f6a 100644 --- a/ansible/roles/nebula/files/nebula.yml +++ b/ansible/roles/nebula/files/nebula.yml @@ -32,7 +32,7 @@ tun: routes: unsafe_routes: {% if ansible_fqdn != "ingress" %} - - route: 10.23.1.0/24 + - route: "{{ pve_hosts.internal_cidr }}" via: "{{ nebula.clients.ingress.ip }}" {% endif %} diff --git a/ansible/roles/nebula/tasks/main.yml b/ansible/roles/nebula/tasks/main.yml index d5ea5f9..120d9bd 100644 --- a/ansible/roles/nebula/tasks/main.yml +++ b/ansible/roles/nebula/tasks/main.yml @@ -59,7 +59,7 @@ table: nat chain: POSTROUTING out_interface: ens18 - source: "{{ nebula.subnet }}" + source: "{{ nebula.cidr }}" jump: MASQUERADE notify: persist iptables become: true diff --git a/ansible/roles/pve_nebula_route/tasks/main.yml b/ansible/roles/pve_nebula_route/tasks/main.yml index ade4ad0..f5d6a78 100644 --- a/ansible/roles/pve_nebula_route/tasks/main.yml +++ b/ansible/roles/pve_nebula_route/tasks/main.yml @@ -4,7 +4,7 @@ - ip - route - show - - "{{ nebula.subnet }}" + - "{{ nebula.cidr }}" register: routes changed_when: false become: true @@ -15,8 +15,8 @@ - ip - route - add - - "{{ nebula.subnet }}" + - "{{ nebula.cidr }}" - via - - "{{ ingress_private_ip }}" + - "{{ pve_hosts.ingress.internal_ip }}" become: true - when: nebula.subnet not in routes.stdout + when: nebula.cidr not in routes.stdout diff --git a/ansible/roles/pve_nebula_route/vars/main.yml b/ansible/roles/pve_nebula_route/vars/main.yml deleted file mode 100644 index f424e8a..0000000 --- a/ansible/roles/pve_nebula_route/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -ingress_private_ip: 10.23.1.88 diff --git a/ansible/roles/traefik/defaults/main.yml b/ansible/roles/traefik/defaults/main.yml index ad9e8de..0861f0f 100644 --- a/ansible/roles/traefik/defaults/main.yml +++ b/ansible/roles/traefik/defaults/main.yml @@ -1,7 +1,5 @@ traefik_influx_db_dir: ./influxdb -traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}" - traefik_provider_jellyfin: false traefik_provider_homeassistant: false diff --git a/ansible/roles/traefik/files/file-provider-homeassistant.yml b/ansible/roles/traefik/files/file-provider-homeassistant.yml index df1b32d..ac7c20e 100644 --- a/ansible/roles/traefik/files/file-provider-homeassistant.yml +++ b/ansible/roles/traefik/files/file-provider-homeassistant.yml @@ -9,4 +9,4 @@ http: service-homeassistant: loadBalancer: servers: - - url: http://192.168.2.41:8123 + - url: http://{{ pve_hosts.homeassistant.ip }}:8123 diff --git a/ansible/roles/traefik/files/file-provider-jellyfin.yml b/ansible/roles/traefik/files/file-provider-jellyfin.yml index 97cf39c..18e6f8c 100644 --- a/ansible/roles/traefik/files/file-provider-jellyfin.yml +++ b/ansible/roles/traefik/files/file-provider-jellyfin.yml @@ -9,4 +9,4 @@ http: service-jellyfin: loadBalancer: servers: - - url: http://10.23.1.29:8096 + - url: http://{{ pve_hosts.jellyfin.internal_ip }}:8096 diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml index f522647..252515c 100644 --- a/ansible/roles/traefik/files/traefik.yml +++ b/ansible/roles/traefik/files/traefik.yml @@ -3,17 +3,23 @@ entryPoints: address: :80 proxyProtocol: trustedIPs: - - "{{ traefik_proxy_protocol_trusted_ips }}" + - "{{ wireguard.cidr }}" + - "{{ pve_hosts.internal_cidr }}" + - "{{ nebula.cidr }}" web-secure: address: :443 proxyProtocol: trustedIPs: - - "{{ traefik_proxy_protocol_trusted_ips }}" + - "{{ wireguard.cidr }}" + - "{{ pve_hosts.internal_cidr }}" + - "{{ nebula.cidr }}" matrix: address: :8448 proxyProtocol: trustedIPs: - - "{{ traefik_proxy_protocol_trusted_ips }}" + - "{{ wireguard.cidr }}" + - "{{ pve_hosts.internal_cidr }}" + - "{{ nebula.cidr }}" traefik: address: "{{ private_ip }}:8080"