Correctly check hostname against PVE hosts

Some of the hostnames contain `-` rather than `_`, which caused issues with the SSH config detecting which users to allow
Jake Howard 2021-08-23 19:56:04 +01:00
parent ecb946bab4
commit edc5c325b7
Signed by: jake
GPG key ID: 57AFB45680EDD477
8 changed files with 14 additions and 11 deletions


@ -1 +1,4 @@
TZ: Europe/London TZ: Europe/London
# HACK: Some of the hostnames aren't valid dict keys
hostname_slug: "{{ ansible_hostname | replace('-', '_') }}"
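Review bot: The `# HACK` comment above the new `hostname_slug` line misstates the problem — a hostname containing `-` is a perfectly valid dict key (`pve_hosts['pve-docker']` and `'pve-docker' in pve_hosts` both work); what it cannot be used for is Jinja dotted attribute access such as `pve_hosts.pve_docker.ip`. Suggest `# Hostnames may contain '-', which Jinja dotted access (pve_hosts.<name>.ip) cannot express; map '-' to '_' so the slug works both as a lookup key and as an attribute name.` The mapping is also lossy: `foo-bar` and `foo_bar` collapse to the same slug, so two hosts differing only in that character would resolve to the same `pve_hosts` / `nebula.clients` entry and therefore to the same `AllowUsers` grant — if that is a realistic inventory, an `assert` that slugs are unique across hosts would catch it. Note that the value is derived from `ansible_hostname`, a fact reported by the managed node, rather than from `inventory_hostname`, so which access rules a host receives depends on what the host says its own name is; presumably intended here, but worth confirming.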


@ -1 +1 @@
private_ip: "{{ nebula.clients[ansible_hostname].ip }}" private_ip: "{{ nebula.clients[hostname_slug].ip }}"


@ -9,7 +9,7 @@ pve_hosts:
ip: 10.23.1.13 ip: 10.23.1.13
jellyfin: jellyfin:
ip: 10.23.1.101 ip: 10.23.1.101
pve_docker: docker:
ip: 10.23.1.103 ip: 10.23.1.103
gitlab: gitlab:
ip: 10.23.1.106 ip: 10.23.1.106


@ -1,4 +1,4 @@
private_ip: "{{ pve_hosts.pve_docker.ip }}" private_ip: "{{ pve_hosts.docker.ip }}"
traefik_provider_jellyfin: true traefik_provider_jellyfin: true
traefik_provider_homeassistant: true traefik_provider_homeassistant: true


@ -2,7 +2,7 @@
# Change to a high/odd port if this server is exposed to the internet directly # Change to a high/odd port if this server is exposed to the internet directly
Port {{ ssh_port }} Port {{ ssh_port }}
AllowUsers {% if ansible_hostname in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if ansible_hostname in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }} AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
# Bind to all interfaces (change to specific interface if needed) # Bind to all interfaces (change to specific interface if needed)
ListenAddress 0.0.0.0 ListenAddress 0.0.0.0
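Review bot: The new `AllowUsers` line still renders as an empty directive when `hostname_slug` is in neither `pve_hosts` nor `nebula.clients` and `ssh_extra_allowed_users` is empty — exactly the situation the old `ansible_hostname` lookup hit for dashed hostnames. In OpenSSH the allow list is only consulted when it is non-empty, so a host that falls outside both maps is rendered with no user restriction at all rather than a locked-down one, and whether `sshd -t` rejects the bare keyword varies by version, so that should not be relied on to catch it. A guard before templating is the simplest fix, e.g. `- assert: { that: hostname_slug in pve_hosts or hostname_slug in nebula.clients or ssh_extra_allowed_users | length > 0, fail_msg: "no AllowUsers entry for {{ ansible_hostname }}" }`, so a host with no matching entry fails the play instead of shipping an open sshd. Separately, `pve_hosts` is a mixed-purpose mapping (`internal_cidr` is a sibling of the host entries, as the same line shows), so `hostname_slug in pve_hosts` compares a hostname against non-host keys too; harmless today, but a dedicated hosts sub-key would make the membership test precise.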


@ -17,4 +17,4 @@ scrape_configs:
static_configs: static_configs:
- targets: - targets:
- "{{ nebula.clients.walker.ip }}:8080" - "{{ nebula.clients.walker.ip }}:8080"
- "{{ pve_hosts.pve_docker.ip }}:8080" - "{{ pve_hosts.docker.ip }}:8080"


@ -20,8 +20,8 @@ sidekiq['max_concurrency'] = 10
gitlab_rails['gitlab_default_theme'] = 2 gitlab_rails['gitlab_default_theme'] = 2
nginx['real_ip_header'] = 'X-Forwarded-For' nginx['real_ip_header'] = 'X-Forwarded-For'
nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.pve_docker.ip }}/32'] nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.docker.ip }}/32']
gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.pve_docker.ip }}/32'] gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.docker.ip }}/32']
# SMTP # SMTP
gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_enable'] = true


@ -18,20 +18,20 @@ defaults
listen http_internal listen http_internal
bind *:80 bind *:80
mode http mode http
server default {{ pve_hosts.pve_docker.ip }}:80 send-proxy-v2 server default {{ pve_hosts.docker.ip }}:80 send-proxy-v2
listen https_internal listen https_internal
bind *:443 bind *:443
mode tcp mode tcp
server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2 server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2
listen matrix_internal listen matrix_internal
bind *:8448 bind *:8448
mode tcp mode tcp
server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2 server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2
# External routes # External routes
listen https_external listen https_external
bind *:8443 accept-proxy bind *:8443 accept-proxy
mode tcp mode tcp
server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2 server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2