Add IPv6 to proxmox internal network

2024-04-20 18:00:08 +01:00 · 2024-04-20 18:00:08 +01:00 · 7ff44ee238
commit 7ff44ee238
parent 7c8d224c4a
6 changed files with 11 additions and 6 deletions
--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@ -1,5 +1,6 @@
 pve_hosts:
  internal_cidr: 10.23.1.0/24
  internal_cidr_ipv6: fde3:15e9:e883::1/48
  pve:
    ip: 10.23.1.1
    external_ip: 192.168.2.200
@ -7,17 +8,19 @@ pve_hosts:
    ip: 10.23.1.11
  forrest:
    ip: 10.23.1.13
    ipv6: fde3:15e9:e883::103
  jellyfin:
    ip: 10.23.1.101
  dokku:
    ip: 10.23.1.102
  docker:
    ip: 10.23.1.103
    ipv6: fde3:15e9:e883::203
  ingress:
    ip: 10.23.1.10
    external_ip: 192.168.2.201
    external_ipv6: "{{ vault_ingress_ipv6 }}"
-    link_local: fe80::d4e4:22ff:fe8b:429d
+    ipv6: fde3:15e9:e883::100
  homeassistant:
    ip: 192.168.2.203
  qbittorrent:
--- a/ansible/roles/base/files/ssh-jail.conf
+++ b/ansible/roles/base/files/ssh-jail.conf
@ -4,4 +4,4 @@ bantime  = 600
 findtime = 30
 maxretry = 5
 port     = {{ ssh_port }},ssh
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ tailscale_cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ tailscale_cidr }}
--- a/ansible/roles/forrest/tasks/main.yml
+++ b/ansible/roles/forrest/tasks/main.yml
@ -28,7 +28,7 @@
      - add
      - "{{ vps_hosts.private_ipv6_range }}"
      - via
-      - "{{ pve_hosts.ingress.link_local }}"
+      - "{{ pve_hosts.ingress.ipv6 }}"
      - dev
      - eth0
  become: true
--- a/ansible/roles/gateway/files/nginx-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/nginx-fail2ban-jail.conf
@ -6,9 +6,9 @@ maxretry = 100
 filter   = nginx-tcp
 logpath  = /var/log/nginx/ips.log
 port     = http,https,8448
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
 [traefik]
 enabled = true
 port     = http,https,8448
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
--- a/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
+++ b/ansible/roles/traefik/files/fail2ban/traefik-jail.conf
@ -6,5 +6,5 @@ maxretry = 5
 filter   = traefik
 logpath = /tmp/traefik-logs/access.log
 port     = http,https
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
 action = gateway
--- a/ansible/roles/traefik/files/file-provider-main.yml
+++ b/ansible/roles/traefik/files/file-provider-main.yml
@ -15,6 +15,7 @@ http:
          - "{{ tailscale_cidr }}"
          - "{{ tailscale_cidr_ipv6 }}"
          - "{{ pve_hosts.forrest.ip }}"
          - "{{ pve_hosts.forrest.ipv6 }}"
    private-access:
      ipWhiteList:
@ -23,3 +24,4 @@ http:
          - "{{ tailscale_cidr_ipv6 }}"
          - "{{ nebula.cidr }}"
          - "{{ pve_hosts.internal_cidr }}"
          - "{{ pve_hosts.internal_cidr_ipv6 }}"