Keep track of IPs for PVE hosts

Yea they're all random, I'll deal with that later
2021-01-31 12:46:43 +00:00
parent 9023b269eb
commit 058290b321
11 changed files with 33 additions and 19 deletions
--- a/ansible/roles/nebula/files/nebula.yml
+++ b/ansible/roles/nebula/files/nebula.yml
@ -32,7 +32,7 @@ tun:
  routes:
  unsafe_routes:
 {% if ansible_fqdn != "ingress" %}
-    - route: 10.23.1.0/24
+    - route: "{{ pve_hosts.internal_cidr }}"
      via: "{{ nebula.clients.ingress.ip }}"
 {% endif %}

--- a/ansible/roles/nebula/tasks/main.yml
+++ b/ansible/roles/nebula/tasks/main.yml
@ -59,7 +59,7 @@
    table: nat
    chain: POSTROUTING
    out_interface: ens18
-    source: "{{ nebula.subnet }}"
+    source: "{{ nebula.cidr }}"
    jump: MASQUERADE
  notify: persist iptables
  become: true
--- a/ansible/roles/pve_nebula_route/tasks/main.yml
+++ b/ansible/roles/pve_nebula_route/tasks/main.yml
@ -4,7 +4,7 @@
      - ip
      - route
      - show
-      - "{{ nebula.subnet }}"
+      - "{{ nebula.cidr }}"
  register: routes
  changed_when: false
  become: true
@ -15,8 +15,8 @@
      - ip
      - route
      - add
-      - "{{ nebula.subnet }}"
+      - "{{ nebula.cidr }}"
      - via
-      - "{{ ingress_private_ip }}"
+      - "{{ pve_hosts.ingress.internal_ip }}"
  become: true
-  when: nebula.subnet not in routes.stdout
+  when: nebula.cidr not in routes.stdout
--- a/ansible/roles/pve_nebula_route/vars/main.yml
+++ b/ansible/roles/pve_nebula_route/vars/main.yml
@ -1 +0,0 @@
-ingress_private_ip: 10.23.1.88
--- a/ansible/roles/traefik/defaults/main.yml
+++ b/ansible/roles/traefik/defaults/main.yml
@ -1,7 +1,5 @@
 traefik_influx_db_dir: ./influxdb

-traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"
-
 traefik_provider_jellyfin: false
 traefik_provider_homeassistant: false

--- a/ansible/roles/traefik/files/file-provider-homeassistant.yml
+++ b/ansible/roles/traefik/files/file-provider-homeassistant.yml
@ -9,4 +9,4 @@ http:
    service-homeassistant:
      loadBalancer:
        servers:
-          - url: http://192.168.2.41:8123
+          - url: http://{{ pve_hosts.homeassistant.ip }}:8123
--- a/ansible/roles/traefik/files/file-provider-jellyfin.yml
+++ b/ansible/roles/traefik/files/file-provider-jellyfin.yml
@ -9,4 +9,4 @@ http:
    service-jellyfin:
      loadBalancer:
        servers:
-          - url: http://10.23.1.29:8096
+          - url: http://{{ pve_hosts.jellyfin.internal_ip }}:8096
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@ -3,17 +3,23 @@ entryPoints:
    address: :80
    proxyProtocol:
      trustedIPs:
-        - "{{ traefik_proxy_protocol_trusted_ips }}"
+        - "{{ wireguard.cidr }}"
+        - "{{ pve_hosts.internal_cidr }}"
+        - "{{ nebula.cidr }}"
  web-secure:
    address: :443
    proxyProtocol:
      trustedIPs:
-        - "{{ traefik_proxy_protocol_trusted_ips }}"
+        - "{{ wireguard.cidr }}"
+        - "{{ pve_hosts.internal_cidr }}"
+        - "{{ nebula.cidr }}"
  matrix:
    address: :8448
    proxyProtocol:
      trustedIPs:
-        - "{{ traefik_proxy_protocol_trusted_ips }}"
+        - "{{ wireguard.cidr }}"
+        - "{{ pve_hosts.internal_cidr }}"
+        - "{{ nebula.cidr }}"
  traefik:
    address: "{{ private_ip }}:8080"