Allow forrest to access internal services

This is mostly for monitoring

ansible/group_vars/all/pve.yml

@@ -17,6 +17,7 @@ pve_hosts:
     ip: 10.23.1.10
     external_ip: 192.168.2.201
     external_ipv6: "{{ vault_ingress_ipv6 }}"
+    link_local: fe80::d4e4:22ff:fe8b:429d
   homeassistant:
     ip: 192.168.2.203
   qbittorrent:

ansible/roles/forrest/tasks/main.yml

@@ -6,3 +6,30 @@
 
 - name: Prometheus
   include_tasks: prometheus.yml
+
+- name: Get routes
+  command:
+    argv:
+      - ip
+      - -6
+      - route
+      - show
+      - "{{ vps_hosts.private_ipv6_range }}"
+  register: routes
+  changed_when: false
+  become: true
+
+- name: Add route to private services via ingress
+  command:
+    argv:
+      - ip
+      - -6
+      - route
+      - add
+      - "{{ vps_hosts.private_ipv6_range }}"
+      - via
+      - "{{ pve_hosts.ingress.link_local }}"
+      - dev
+      - eth0
+  become: true
+  when: vps_hosts.private_ipv6_marker not in routes.stdout

ansible/roles/traefik/files/file-provider-main.yml

@@ -14,6 +14,7 @@ http:
         sourceRange:
           - "{{ tailscale_cidr }}"
           - "{{ tailscale_cidr_ipv6 }}"
+          - "{{ pve_hosts.forrest.ip }}"
 
     private-access:
       ipWhiteList: