Tips-Of-Mine/infrastructure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Install tailscale

Browse Source 
Install, not configure
This commit is contained in:
Jake Howard
2024-02-01 19:41:47 +00:00
parent 29cac09b48
commit 02847355a7
6 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ansible/roles/ingress/files/nftables.conf
View File

@ -19,6 +19,9 @@ table inet filter {
# Allow nebula
udp dport {{ nebula_listen_port }} accept;
# Allow Tailscale
udp dport {{ tailscale_port }} accept;
}
chain POSTROUTING {
@ -27,6 +30,7 @@ table inet filter {
# NAT - because the proxmox machines may not have routes back
ip saddr {{ nebula.cidr }} ip daddr {{ pve_hosts.internal_cidr }} counter masquerade
ip saddr {{ tailscale_cidr }} ip daddr {{ pve_hosts.internal_cidr }} counter masquerade
}
chain FORWARD {
@ -39,5 +43,9 @@ table inet filter {
# Allow monitoring of nebula network
ip saddr {{ pve_hosts.forrest.ip }}/32 ip daddr {{ nebula.cidr }} accept
# Allow traffic from Tailscale to proxmox network
ip saddr {{ tailscale_cidr }} ip daddr {{ pve_hosts.internal_cidr }} accept
ip saddr {{ pve_hosts.internal_cidr }} ip daddr {{ tailscale_cidr }} ct state related,established accept
}
}