Enable unsafe routing to PVE network over nebula
This commit is contained in:
parent
da301eb7dd
commit
643d843bfb
6 changed files with 50 additions and 31 deletions
|
@ -3,3 +3,4 @@
|
||||||
- src: realorangeone.reflector
|
- src: realorangeone.reflector
|
||||||
- src: https://github.com/IronicBadger/ansible-role-proxmox-nag-removal
|
- src: https://github.com/IronicBadger/ansible-role-proxmox-nag-removal
|
||||||
name: proxmox-nag-removal
|
name: proxmox-nag-removal
|
||||||
|
- src: chmduquesne.iptables_persistent
|
||||||
|
|
|
@ -47,6 +47,8 @@
|
||||||
|
|
||||||
- hosts: ingress
|
- hosts: ingress
|
||||||
roles:
|
roles:
|
||||||
|
- role: chmduquesne.iptables_persistent
|
||||||
|
become: true
|
||||||
- ingress
|
- ingress
|
||||||
- nebula
|
- nebula
|
||||||
|
|
||||||
|
|
|
@ -1,20 +1,21 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
39323766353534666565353365343264316566373835373965323039643032326630356163346466
|
33613132393536346238646436336337333631646337353863653235313463663238393731313438
|
||||||
6231396366316132363365626364333739363261633539660a636239303437343964663937616333
|
6630633261383936623762313834333233653036376663620a336338333734616561623734653737
|
||||||
34643531646239656531636663613536396333386563366539623533366136656664333934336561
|
63313162393834333636313763643832643861643635633534343364643436646166363337353135
|
||||||
3632663565613633380a613262386463316630333666343338613138646238363563643465373937
|
6661386263333064640a663737306436356639336234633961363836633161376237366439653931
|
||||||
30383062386266316339353535656462623862303337636431653038376434356436666132396638
|
65323761333863316530313331343730656436376435346230333466363265303734396432373065
|
||||||
39313638373539626536366138336135323562366163323865363336376661363339616539323838
|
65386139643266333539313162393632643038343364323438653230623461626266393864633261
|
||||||
31336234323234383630336636303932333130363965383834303634353766313364636437383365
|
65323361623639376562393538326431396238643263376366396632333962396264653730623466
|
||||||
32646461396239343531643664666632326263343934636162356237333535393936363530366138
|
63383463363832613738616461656638616330333733663164346562386630653734313463653461
|
||||||
33373463656334636332356331333363633130353363383762343336353033306565363362383235
|
33336563656534613339323536666265313435396563653033613835386630313465666466396330
|
||||||
35633237343434333230363234383663383037656664303462636161303534666236663938356438
|
64336631343364383734613839356639346165313633326130376634663537336261366238623637
|
||||||
32383334373964356364613033613835646132663462623663343363323563613836663266323833
|
38306435313861653232323666643235303930636137636165633838313962306438333236313135
|
||||||
64346332323431643964393338633564316436363136313034383037323731626662653364383630
|
61313638343066646261613530623039316439386637326335376264653032396235306431363134
|
||||||
30323138376439323134343035336538363231393036663234636363316530643661336264653730
|
35353932363565633463653330633339343331343366393436666166343130643038666230383431
|
||||||
66333665643662346334353562396536373436343464623732653665323732396433363364383731
|
36353138623533633865333837633035666566376264313737373861373834306132653662393037
|
||||||
36643761626162643136313036356164386661303238386665373165313261646666656562353864
|
36393538373964366564323963386664313832303439393166633636336637396262613331333862
|
||||||
30613761633532623464323561613063303663343062636533656135366230326534303530373562
|
38663164613230323762343833396231366139643836623665326231626533323433636164613736
|
||||||
66633963343634363463376434323030326439343865356333626437613033363832303134396233
|
37653163663131333332366339613337376635623064383935303038646336373361346366616636
|
||||||
35343461666338396230346463653262666536333538393762343734643731306130353439653934
|
62363162633835353937323565646665313730396633383835313662306161383466383562333462
|
||||||
353831323464636265326662623339356536
|
39363234646365343938393733323463333764623638363238643037323065303865633066333666
|
||||||
|
61363731646566366663
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
36326234316536306532643962333761653138383133376665336236663261643765666536373163
|
64383037313331303138303765616563663233333366613162363534626131653635626639343437
|
||||||
6637363962666264306238346538333233356162663432610a386466313439626433383664353435
|
3134643661613762373363616435366335303838623061640a303031326164616563623632653037
|
||||||
32656534326534336136323136336139643562633264346538643536316563613664303963653262
|
35636633653731616533373862663839646462383830616634656630376231343639643434366437
|
||||||
6361616138343439310a396133646138623935373634316161376337346534336530636566653364
|
3933353135646430320a343366386363643037323538323132646366393165383935363236643934
|
||||||
33653932383261643964333862373735646363366136386532666164333464303966313061363061
|
61336261383633636464316563306631333131393861373963636637656262393231663035333164
|
||||||
65363235656164343566653034313163313163373464386639306138386536613236376336373536
|
65653537626365613335313363313765373561333466613365336239363136346531333335323461
|
||||||
64383037636433333233363532633338643737366133316465646537623535316663663363613931
|
38393737376365663533386365353035346539333566343938336136623134633736613936656461
|
||||||
65366639323663653534636131323439663338636633656331383961346536376366626532326130
|
35663634363332366530626233663333663963343764316633366337663166393335376638393037
|
||||||
36663564383839346237343137313964653764656532663461373161613836313566616164636335
|
38376331626266353431623235353462626230663230323666346636306439646164333965396539
|
||||||
6166613333643234313630363134643733343038666234356165
|
3764336237653833366565313531366462336130303565346639
|
||||||
|
|
|
@ -11,9 +11,9 @@ lighthouse:
|
||||||
am_lighthouse: "{{ nebula_is_lighthouse | lower }}"
|
am_lighthouse: "{{ nebula_is_lighthouse | lower }}"
|
||||||
interval: 60
|
interval: 60
|
||||||
hosts:
|
hosts:
|
||||||
{% if not nebula_is_lighthouse %}
|
{% if not nebula_is_lighthouse %}
|
||||||
- "{{ nebula_lighthouse_ip }}"
|
- "{{ nebula_lighthouse_ip }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
listen:
|
listen:
|
||||||
host: 0.0.0.0
|
host: 0.0.0.0
|
||||||
|
@ -31,6 +31,10 @@ tun:
|
||||||
mtu: 1300
|
mtu: 1300
|
||||||
routes:
|
routes:
|
||||||
unsafe_routes:
|
unsafe_routes:
|
||||||
|
{% if ansible_fqdn != "ingress" %}
|
||||||
|
- route: 10.23.1.0/24
|
||||||
|
via: "{{ nebula.clients.ingress.ip }}"
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
logging:
|
logging:
|
||||||
|
|
|
@ -53,3 +53,14 @@
|
||||||
name: nebula
|
name: nebula
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
- name: Enable unsafe routing
|
||||||
|
iptables:
|
||||||
|
table: nat
|
||||||
|
chain: POSTROUTING
|
||||||
|
out_interface: ens18
|
||||||
|
source: "{{ nebula.subnet }}"
|
||||||
|
jump: MASQUERADE
|
||||||
|
notify: persist iptables
|
||||||
|
become: true
|
||||||
|
when: ansible_fqdn == "ingress"
|
||||||
|
|
Loading…
Reference in a new issue