Enable unsafe routing to PVE network over nebula

2021-01-30 22:59:56 +00:00
parent da301eb7dd
commit 643d843bfb
6 changed files with 50 additions and 31 deletions
--- a/ansible/roles/nebula/files/nebula.yml
+++ b/ansible/roles/nebula/files/nebula.yml
@ -11,9 +11,9 @@ lighthouse:
  am_lighthouse: "{{ nebula_is_lighthouse | lower }}"
  interval: 60
  hosts:
-    {% if not nebula_is_lighthouse %}
+{% if not nebula_is_lighthouse %}
    - "{{ nebula_lighthouse_ip }}"
-    {% endif %}
+{% endif %}

 listen:
  host: 0.0.0.0
@ -31,6 +31,10 @@ tun:
  mtu: 1300
  routes:
  unsafe_routes:
+{% if ansible_fqdn != "ingress" %}
+    - route: 10.23.1.0/24
+      via: "{{ nebula.clients.ingress.ip }}"
+{% endif %}


 logging: