Correctly check hostname against PVE hosts

Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00
parent ecb946bab4
commit edc5c325b7
8 changed files with 14 additions and 11 deletions
--- a/ansible/roles/base/files/sshd_config
+++ b/ansible/roles/base/files/sshd_config
@ -2,7 +2,7 @@
 # Change to a high/odd port if this server is exposed to the internet directly
 Port {{ ssh_port }}

-AllowUsers {% if ansible_hostname in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if ansible_hostname in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
+AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}

 # Bind to all interfaces (change to specific interface if needed)
 ListenAddress 0.0.0.0
--- a/ansible/roles/forrest/files/prometheus/prometheus.yml
+++ b/ansible/roles/forrest/files/prometheus/prometheus.yml
@ -17,4 +17,4 @@ scrape_configs:
    static_configs:
      - targets:
          - "{{ nebula.clients.walker.ip }}:8080"
-          - "{{ pve_hosts.pve_docker.ip }}:8080"
+          - "{{ pve_hosts.docker.ip }}:8080"
--- a/ansible/roles/gitlab/files/gitlab.rb
+++ b/ansible/roles/gitlab/files/gitlab.rb
@ -20,8 +20,8 @@ sidekiq['max_concurrency'] = 10
 gitlab_rails['gitlab_default_theme'] = 2

 nginx['real_ip_header'] = 'X-Forwarded-For'
-nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.pve_docker.ip }}/32']
-gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.pve_docker.ip }}/32']
+nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.docker.ip }}/32']
+gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.docker.ip }}/32']

 # SMTP
 gitlab_rails['smtp_enable'] = true
--- a/ansible/roles/ingress/files/haproxy.cfg
+++ b/ansible/roles/ingress/files/haproxy.cfg
@ -18,20 +18,20 @@ defaults
 listen http_internal
    bind *:80
    mode http
-    server default {{ pve_hosts.pve_docker.ip }}:80 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:80 send-proxy-v2

 listen https_internal
    bind *:443
    mode tcp
-    server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2

 listen matrix_internal
    bind *:8448
    mode tcp
-    server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2

 # External routes
 listen https_external
    bind *:8443 accept-proxy
    mode tcp
-    server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
+    server default {{ pve_hosts.docker.ip }}:443 send-proxy-v2