Correctly check hostname against PVE hosts

Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00 · 2021-08-23 19:56:04 +01:00 · edc5c325b7
commit edc5c325b7
parent ecb946bab4
8 changed files with 14 additions and 11 deletions
--- a/ansible/group_vars/all/base.yml
+++ b/ansible/group_vars/all/base.yml
@ -1 +1,4 @@
 TZ: Europe/London
+
+# HACK: Some of the hostnames aren't valid dict keys
+hostname_slug: "{{ ansible_hostname | replace('-', '_') }}"
--- a/ansible/group_vars/all/network.yml
+++ b/ansible/group_vars/all/network.yml
@ -1 +1 @@
-private_ip: "{{ nebula.clients[ansible_hostname].ip }}"
+private_ip: "{{ nebula.clients[hostname_slug].ip }}"
--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@ -9,7 +9,7 @@ pve_hosts:
    ip: 10.23.1.13
  jellyfin:
    ip: 10.23.1.101
-  pve_docker:
+  docker:
    ip: 10.23.1.103
  gitlab:
    ip: 10.23.1.106
--- a/ansible/host_vars/pve-docker.yml
+++ b/ansible/host_vars/pve-docker.yml
@ -1,4 +1,4 @@
-private_ip: "{{ pve_hosts.pve_docker.ip }}"
+private_ip: "{{ pve_hosts.docker.ip }}"

 traefik_provider_jellyfin: true
 traefik_provider_homeassistant: true
--- a/ansible/roles/base/files/sshd_config
+++ b/ansible/roles/base/files/sshd_config
@ -2,7 +2,7 @@
 # Change to a high/odd port if this server is exposed to the internet directly
 Port {{ ssh_port }}

-AllowUsers {% if ansible_hostname in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if ansible_hostname in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
+AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}

 # Bind to all interfaces (change to specific interface if needed)
 ListenAddress 0.0.0.0
--- a/ansible/roles/forrest/files/prometheus/prometheus.yml
+++ b/ansible/roles/forrest/files/prometheus/prometheus.yml
@ -17,4 +17,4 @@ scrape_configs:
    static_configs:
      - targets:
          - "{{ nebula.clients.walker.ip }}:8080"
-          - "{{ pve_hosts.pve_docker.ip }}:8080"
+          - "{{ pve_hosts.docker.ip }}:8080"
--- a/ansible/roles/gitlab/files/gitlab.rb
+++ b/ansible/roles/gitlab/files/gitlab.rb
@ -20,8 +20,8 @@ sidekiq['max_concurrency'] = 10
 gitlab_rails['gitlab_default_theme'] = 2

 nginx['real_ip_header'] = 'X-Forwarded-For'
-nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.pve_docker.ip }}/32']
-gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.pve_docker.ip }}/32']
+nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.docker.ip }}/32']
+gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.docker.ip }}/32']

 # SMTP
 gitlab_rails['smtp_enable'] = true
--- a/ansible/roles/ingress/files/haproxy.cfg
+++ b/ansible/roles/ingress/files/haproxy.cfg
@ -18,20 +18,20 @@ defaults
 listen http_internal
    bind *:80
    mode http
-    server default {{ pve_hosts.pve_docker.ip }}:80 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:80 send-proxy-v2

 listen https_internal
    bind *:443
    mode tcp
-    server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2

 listen matrix_internal
    bind *:8448
    mode tcp
-    server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2

 # External routes
 listen https_external
    bind *:8443 accept-proxy
    mode tcp
-    server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2