From eb6fe3a23bc4504595ad1c219d03c7d350a75c0d Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Fri, 22 Mar 2024 14:22:53 +0000
Subject: [PATCH] Allow forrest to access internal services

This is mostly for monitoring
---
 ansible/group_vars/all/pve.yml | 1 +
 ansible/roles/forrest/tasks/main.yml | 27 +++++++++++++++++++
 .../traefik/files/file-provider-main.yml | 1 +
 3 files changed, 29 insertions(+)

diff --git a/ansible/group_vars/all/pve.yml b/ansible/group_vars/all/pve.yml
index d58653b..53c4951 100644
--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@@ -17,6 +17,7 @@ pve_hosts:
 ip: 10.23.1.10
 external_ip: 192.168.2.201
 external_ipv6: "{{ vault_ingress_ipv6 }}"
+ link_local: fe80::d4e4:22ff:fe8b:429d
 homeassistant:
 ip: 192.168.2.203
 qbittorrent:
diff --git a/ansible/roles/forrest/tasks/main.yml b/ansible/roles/forrest/tasks/main.yml
index 687e326..289e26e 100644
--- a/ansible/roles/forrest/tasks/main.yml
+++ b/ansible/roles/forrest/tasks/main.yml
@@ -6,3 +6,30 @@
 - name: Prometheus
 include_tasks: prometheus.yml
+
+- name: Get routes
+ command:
+ argv:
+ - ip
+ - -6
+ - route
+ - show
+ - "{{ vps_hosts.private_ipv6_range }}"
+ register: routes
+ changed_when: false
+ become: true
+
+- name: Add route to private services via ingress
+ command:
+ argv:
+ - ip
+ - -6
+ - route
+ - add
+ - "{{ vps_hosts.private_ipv6_range }}"
+ - via
+ - "{{ pve_hosts.ingress.link_local }}"
+ - dev
+ - eth0
+ become: true
+ when: vps_hosts.private_ipv6_marker not in routes.stdout
diff --git a/ansible/roles/traefik/files/file-provider-main.yml b/ansible/roles/traefik/files/file-provider-main.yml
index 2715d76..378c911 100644
--- a/ansible/roles/traefik/files/file-provider-main.yml
+++ b/ansible/roles/traefik/files/file-provider-main.yml
@@ -14,6 +14,7 @@ http:
 sourceRange:
 - "{{ tailscale_cidr }}"
 - "{{ tailscale_cidr_ipv6 }}"
+ - "{{ pve_hosts.forrest.ip }}"
 private-access:
 ipWhiteList:
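Review bot: The new `link_local` value is undocumented, and its `ff:fe` middle suggests it is derived from the ingress NIC's MAC, so it silently changes if that interface is replaced while the route task in roles/forrest keeps pointing at a next hop that no longer answers. A comment above the line would make the dependency visible: `# link-local of ingress on the forrest-facing segment (appears MAC-derived); used as next hop by roles/forrest — re-check if the NIC changes`. Quoting the address like the neighbouring `external_ipv6` would also keep the style of this mapping consistent.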
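Review bot: `become: true` on the "Get routes" task is unnecessary: `ip -6 route show` reads the routing table without privileges, so the read-only check can run unprivileged and only the `route add` task needs escalation; drop the `become: true` line from the first task. The added route lives only in the running kernel table, so a reboot of forrest drops access to the private range until the playbook runs again — if that matters for monitoring, persist it through the host's network configuration instead and keep this task as a runtime check. Note also that the route gives forrest reach to the whole `vps_hosts.private_ipv6_range` rather than just the monitoring endpoints the commit message describes; if that breadth is intended, a comment saying so (or a filter on ingress narrowing what forrest can reach) would document the exposure. The `eth0` device name is hard-coded while everything else comes from group vars; a variable such as the role's existing interface fact, if one exists, would keep the task portable.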