From 9023b269eba7e0c52f1c5a77339188084395f1e7 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sun, 31 Jan 2021 12:19:33 +0000
Subject: [PATCH] Allow PVE VMs to access nebula hosts via ingress
---
 ansible/main.yml | 2 ++
 ansible/roles/pve_nebula_route/tasks/main.yml | 22 +++++++++++++++++++
 ansible/roles/pve_nebula_route/vars/main.yml | 1 +
 3 files changed, 25 insertions(+)
 create mode 100644 ansible/roles/pve_nebula_route/tasks/main.yml
 create mode 100644 ansible/roles/pve_nebula_route/vars/main.yml
diff --git a/ansible/main.yml b/ansible/main.yml
index f2093c3..f562f4d 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -44,6 +44,7 @@
 - gitea
 - duplicati
 - yourls
+ - pve_nebula_route

 - hosts: ingress
 roles:
@@ -58,3 +59,4 @@
 become: true
 - pve
 - zfs
+ - pve_nebula_route
diff --git a/ansible/roles/pve_nebula_route/tasks/main.yml b/ansible/roles/pve_nebula_route/tasks/main.yml
new file mode 100644
index 0000000..ade4ad0
--- /dev/null
+++ b/ansible/roles/pve_nebula_route/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Get routes
+ command:
+ argv:
+ - ip
+ - route
+ - show
+ - "{{ nebula.subnet }}"
+ register: routes
+ changed_when: false
+ become: true
+
+- name: Add route to nebula hosts via ingress
+ command:
+ argv:
+ - ip
+ - route
+ - add
+ - "{{ nebula.subnet }}"
+ - via
+ - "{{ ingress_private_ip }}"
+ become: true
+ when: nebula.subnet not in routes.stdout
diff --git a/ansible/roles/pve_nebula_route/vars/main.yml b/ansible/roles/pve_nebula_route/vars/main.yml
new file mode 100644
index 0000000..f424e8a
--- /dev/null
+++ b/ansible/roles/pve_nebula_route/vars/main.yml
@@ -0,0 +1 @@
+ingress_private_ip: 10.23.1.88
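Review bot: The `when: nebula.subnet not in routes.stdout` guard on the second task in tasks/main.yml only checks that some route for the subnet exists, not that its next hop is `ingress_private_ip`, so a stale or wrong route (for example after the ingress address changes) is never corrected. Using `- replace` instead of `- add` together with `when: ('via ' ~ ingress_private_ip) not in routes.stdout` would keep the task idempotent and converge the next hop. The route is also installed at runtime only, so it is lost on reboot or a network restart until the playbook runs again; a persistent entry in the host's network configuration would close that gap. Because this makes ingress the forwarding point into the overlay for these hosts, the forwarding and firewall rules on ingress (not visible in this commit) are presumably what limit which nebula hosts they can reach, and that scoping is worth confirming.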
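Review bot: `ingress_private_ip` is hard-coded in the role's `vars/main.yml`, which takes precedence over inventory and group variables, so the next hop cannot be overridden per environment without editing the role. Moving it to `defaults/main.yml`, or deriving it from the ingress host's inventory entry if one exists, would keep a single source of truth for the address that now carries overlay-bound traffic. A short comment such as `# private address of the ingress host, used as next hop for the nebula subnet` would also document what the value refers to.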