From edc5c325b7d08a679b6019dfb084c010e89c164a Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 23 Aug 2021 19:56:04 +0100
Subject: [PATCH] Correctly check hostname against PVE hosts

Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
---
 ansible/group_vars/all/base.yml | 3 +++
 ansible/group_vars/all/network.yml | 2 +-
 ansible/group_vars/all/pve.yml | 2 +-
 ansible/host_vars/pve-docker.yml | 2 +-
 ansible/roles/base/files/sshd_config | 2 +-
 ansible/roles/forrest/files/prometheus/prometheus.yml | 2 +-
 ansible/roles/gitlab/files/gitlab.rb | 4 ++--
 ansible/roles/ingress/files/haproxy.cfg | 8 ++++----
 8 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/ansible/group_vars/all/base.yml b/ansible/group_vars/all/base.yml
index 03df6c2..61f4117 100644
--- a/ansible/group_vars/all/base.yml
+++ b/ansible/group_vars/all/base.yml
@@ -1 +1,4 @@
 TZ: Europe/London
+
+# HACK: Some of the hostnames aren't valid dict keys
+hostname_slug: "{{ ansible_hostname | replace('-', '_') }}"
diff --git a/ansible/group_vars/all/network.yml b/ansible/group_vars/all/network.yml
index 66a2abc..878ea3a 100644
--- a/ansible/group_vars/all/network.yml
+++ b/ansible/group_vars/all/network.yml
@@ -1 +1 @@
-private_ip: "{{ nebula.clients[ansible_hostname].ip }}"
+private_ip: "{{ nebula.clients[hostname_slug].ip }}"
diff --git a/ansible/group_vars/all/pve.yml b/ansible/group_vars/all/pve.yml
index f7cf6bd..01d41d6 100644
--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@@ -9,7 +9,7 @@ pve_hosts:
 ip: 10.23.1.13
 jellyfin:
 ip: 10.23.1.101
- pve_docker:
+ docker:
 ip: 10.23.1.103
 gitlab:
 ip: 10.23.1.106
diff --git a/ansible/host_vars/pve-docker.yml b/ansible/host_vars/pve-docker.yml
index 06f2be8..50265cb 100644
--- a/ansible/host_vars/pve-docker.yml
+++ b/ansible/host_vars/pve-docker.yml
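Review bot: The `# HACK` comment above the added `hostname_slug` line misstates why the mapping is needed: a hostname containing `-` is a valid dict key (the old `nebula.clients[ansible_hostname]` subscript in network.yml accepted one), and what a dash actually breaks is dotted attribute access such as `pve_hosts.pve_docker.ip`, which is presumably why the keys in `pve_hosts` and `nebula.clients` are spelled with `_`. Suggest `# Keys in pve_hosts / nebula.clients are spelled with '_' so they work with dotted access; map the real hostname onto that spelling`. Two further properties are worth recording in that comment, since the slug now gates the sshd `AllowUsers` entries rendered later in this patch: the mapping is lossy (`a-b` and `a_b` both become `a_b`, so two distinct hosts could resolve to the same entry), and it is derived from `ansible_hostname`, a fact the managed node reports about itself, whereas the controller-defined `inventory_hostname` would keep that lookup under the controller's authority.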
@@ -1,4 +1,4 @@
-private_ip: "{{ pve_hosts.pve_docker.ip }}"
+private_ip: "{{ pve_hosts.docker.ip }}"
 traefik_provider_jellyfin: true
 traefik_provider_homeassistant: true
diff --git a/ansible/roles/base/files/sshd_config b/ansible/roles/base/files/sshd_config
index 4a69245..e537032 100644
--- a/ansible/roles/base/files/sshd_config
+++ b/ansible/roles/base/files/sshd_config
@@ -2,7 +2,7 @@
 # Change to a high/odd port if this server is exposed to the internet directly
 Port {{ ssh_port }}
-AllowUsers {% if ansible_hostname in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if ansible_hostname in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
+AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
 # Bind to all interfaces (change to specific interface if needed)
 ListenAddress 0.0.0.0
diff --git a/ansible/roles/forrest/files/prometheus/prometheus.yml b/ansible/roles/forrest/files/prometheus/prometheus.yml
index 2406a46..4acac16 100644
--- a/ansible/roles/forrest/files/prometheus/prometheus.yml
+++ b/ansible/roles/forrest/files/prometheus/prometheus.yml
@@ -17,4 +17,4 @@ scrape_configs:
 static_configs:
 - targets:
 - "{{ nebula.clients.walker.ip }}:8080"
- - "{{ pve_hosts.pve_docker.ip }}:8080"
+ - "{{ pve_hosts.docker.ip }}:8080"
diff --git a/ansible/roles/gitlab/files/gitlab.rb b/ansible/roles/gitlab/files/gitlab.rb
index 36e3cc4..65bcef3 100644
--- a/ansible/roles/gitlab/files/gitlab.rb
+++ b/ansible/roles/gitlab/files/gitlab.rb
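Review bot: The new `AllowUsers` line still fails open when `hostname_slug` matches neither `pve_hosts` nor `nebula.clients`: both `{% if %}` blocks render nothing and the directive is left with only `{{ ssh_extra_allowed_users }}`, and if that variable is empty the result is an `AllowUsers` with no patterns, which sshd treats as no restriction rather than as denying everyone (worth confirming against the OpenSSH version deployed). That is the same silent mismatch the commit message describes, and the slug only narrows it: pve.yml now keys the entry as `docker` while the inventory host is `pve-docker` (slug `pve_docker`), so the match appears to depend on that machine reporting `ansible_hostname` as `docker`. Consider failing closed in the base role before the template is rendered, e.g. `- ansible.builtin.assert:` / `that: hostname_slug in pve_hosts or hostname_slug in nebula.clients` / `fail_msg: "{{ inventory_hostname }} is not a known PVE or nebula host"`, and keying the lookup on the controller-side `inventory_hostname` rather than on a fact the managed node reports about itself. The rest of sshd_config continues outside the hunk.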
@@ -20,8 +20,8 @@ sidekiq['max_concurrency'] = 10
 gitlab_rails['gitlab_default_theme'] = 2
 nginx['real_ip_header'] = 'X-Forwarded-For'
-nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.pve_docker.ip }}/32']
-gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.pve_docker.ip }}/32']
+nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.docker.ip }}/32']
+gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.docker.ip }}/32']
 # SMTP
 gitlab_rails['smtp_enable'] = true
diff --git a/ansible/roles/ingress/files/haproxy.cfg b/ansible/roles/ingress/files/haproxy.cfg
index 837ec24..e304901 100644
--- a/ansible/roles/ingress/files/haproxy.cfg
+++ b/ansible/roles/ingress/files/haproxy.cfg
@@ -18,20 +18,20 @@ defaults
 listen http_internal
 bind *:80
 mode http
- server default {{ pve_hosts.pve_docker.ip }}:80 send-proxy-v2
+ server default {{ pve_hosts.docker.ip }}:80 send-proxy-v2
 listen https_internal
 bind *:443
 mode tcp
- server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+ server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2
 listen matrix_internal
 bind *:8448
 mode tcp
- server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+ server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2
 # External routes
 listen https_external
 bind *:8443 accept-proxy
 mode tcp
- server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+ server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2