From 7d4a177968cbee60299162accc81d51e0e0f0881 Mon Sep 17 00:00:00 2001
From: Lukas Holota
Date: Wed, 6 Nov 2024 16:03:54 +0100
Subject: [PATCH 1/7] Local SSH adjusted for prefixed remote access
---
 inventory/hosts.yaml | 8 ++++++--
 playbooks/local/ssh.yaml | 7 +++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml
index e9ccab7..bd87ef6 100644
--- a/inventory/hosts.yaml
+++ b/inventory/hosts.yaml
@@ -2,7 +2,7 @@ all:
 vars:
 ansible_user: lholota
 domain: homecentr.one
- ups_shutdown_command: "systemctl stop ve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
+ ups_shutdown_command: "systemctl stop pve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
 children:
 pve_nodes:
 hosts:
@@ -71,7 +71,7 @@ all:
 promtail_docker_logs_enabled: true
 unifi_controller:
 ansible_host: 10.1.2.76
- docs:
+ netboot:
 ansible_host: 10.1.2.77
 docker_enabled: true
 docker_enable_tcp: true
@@ -119,6 +119,10 @@ all:
 docker_enabled: true
 docker_enable_tcp: true
 promtail_docker_logs_enabled: true
+ dhcp1:
+ ansible_host: 10.1.2.90
+ dhcp2:
+ ansible_host: 10.1.2.91
 vm:
 hosts:
 coder:
diff --git a/playbooks/local/ssh.yaml b/playbooks/local/ssh.yaml
index 688eba0..4214b5a 100644
--- a/playbooks/local/ssh.yaml
+++ b/playbooks/local/ssh.yaml
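Review bot: The corrected `ups_shutdown_command` still chains the first stop with a single `&`, so `systemctl stop pve-ha-crm` is put in the background and `/sbin/shutdown -h +0` can start before the CRM service has actually stopped; only the second stop is sequenced with `&&`. Unless backgrounding is deliberate, the added line should read `ups_shutdown_command: "systemctl stop pve-ha-crm && systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"`. If the background is intended (for example because the CRM stop can block), a comment above the key stating that would save the next reader the same question. Indentation was lost in this listing, so the nesting under `vars:` is inferred from the hunk order.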
@@ -30,9 +30,12 @@ create: false
 marker: "# {mark} Homecentr SSH configuration"
 block: |
+ # Locally connecting to an actual host, canonicalization works
 Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr '10.0.0.0/8'"
 ForwardAgent yes
- Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
+ # Remotely the raw hostname does not exist (only with prefix), therefore canonicalization does not work
+ # so we have to add the domain manually
+ Match host=pve*,app-* exec "dig -t a 'ssh-%h.{{ domain }}' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
 ForwardAgent yes
- ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
+ ProxyCommand /usr/local/bin/cloudflared access ssh --hostname "ssh-%h.{{ domain }}"
From d5b14d92ec8346de65a270b5df6e19557002520f Mon Sep 17 00:00:00 2001
From: LH
Date: Thu, 21 Aug 2025 14:06:15 +0200
Subject: [PATCH 2/7] Test
---
 .DS_Store | Bin 0 -> 6148 bytes
 .github/workflows/test.yml | 22 ++++++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 .DS_Store
 create mode 100644 .github/workflows/test.yml
diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..4b6e3e19d22f00fa4e4c362222bb559b91c06fc5
GIT binary patch literal 6148 zcmeHKy>3%67(LF9k^n=74xNf&V=2lAQl#4`OpKja+BBp}A`)&ylSn&ptWHwPOIPHS0BiI)EyRVCfO7oRD!T
znJBoP4Wcr03@}4?)Nky*k2CDh5gZ5(JTwR7-K}67eGD;$_x_G2R%)@FWsKu?yE}@z
z9I2lDdUnxF&Uf-yy){^qf$SEG)ikF;jaok97>BHP~U|GZko^|k(a@w<5X&1hXZx372|
zOTFTPK)juCe(R=Il5FG<3n08u=ORMuVB>uXv6e+!=364l2RLmeCl4g?4OIw1RlW)X}WCKk=s
z!OC0#h$VKLU|a4IlA|3)4ik$UVJMqQw5iHnF_cYbzjnOHVPesyL%GX`aw{u$Ls4dR
z&aVv}DzX^r;6QL7?Lg5!*5&+vv;6*_P6|)Kf#ASD<$x-+ciSy~BzLxEKAfDjnx(@c pA-u$*Nnz!VW7CkMc$38h$Fwwvk;B9ydl=!5fUzM|!GU{q;1;qXz}5f& literal 0 HcmV?d00001
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..03092be
--- /dev/null
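Review bot: The new `Match host=pve*,app-*` drops the `.{{ domain }}` suffix the replaced line required, so any bare hostname beginning with `pve` or `app-`, related to this domain or not, is now routed through `cloudflared` to `ssh-%h.{{ domain }}` with the unchanged `ForwardAgent yes` below it applied. Excluding dotted names keeps the stated intent ("the raw hostname only exists with the prefix") while narrowing the match: `Match host=pve*,app-*,!*.* exec "dig -t a 'ssh-%h.{{ domain }}' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"`. The `exec` test also runs `dig` on every connection attempt, and when it returns nothing `grepcidr -v` presumably exits non-zero, so the block is skipped silently; a line inside the block such as `# no ProxyCommand is applied when ssh-<host>.<domain> does not resolve` would document that. The enclosing task (apparently a `blockinfile`, given `marker`/`block`) starts outside the hunk.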
+++ b/.github/workflows/test.yml
@@ -0,0 +1,22 @@
+name: Test
+on:
+ push:
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ env:
+ SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@master
+
+ - name: Install pre-requisites
+ run: |
+ sudo wget -q -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
+ sudo chmod a+x /usr/bin/sops
+
+ - name: SOPS
+ run: |
+
+ sops decrypt ./secrets.yaml > secrets.yam
\ No newline at end of file
From e9d79aa701466fddf2ed20f65c0782c3d400f0bb Mon Sep 17 00:00:00 2001
From: LH
Date: Thu, 21 Aug 2025 14:07:10 +0200
Subject: [PATCH 3/7] Test 2
---
 .github/workflows/test.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 03092be..091c16a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,5 +18,4 @@ jobs:
 - name: SOPS
 run: |
-
- sops decrypt ./secrets.yaml > secrets.yam
\ No newline at end of file
+ sops decrypt ./inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
From 3ebcec1b7db8276666119ec7a539eea2ed992ffd Mon Sep 17 00:00:00 2001
From: LH
Date: Thu, 21 Aug 2025 14:09:17 +0200
Subject: [PATCH 4/7] Test 3
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 091c16a..dd6b02c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,4 +18,4 @@ jobs:
 - name: SOPS
 run: |
- sops decrypt ./inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
+ sops decrypt --config ./.sops.yaml ./inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
From 41184a8f839336cc7fc521ebb451813031aadb88 Mon Sep 17 00:00:00 2001
From: LH
Date: Thu, 21 Aug 2025 14:11:46 +0200
Subject: [PATCH 5/7] Test 4
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
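Review bot: `SOPS_AGE_KEY` is declared at the job level, so the age private key sits in the environment of every step, including the third-party `actions/checkout@master` action, which is itself pulled from a mutable branch rather than a pinned tag or commit SHA; the install step fetches the `sops` binary with `sudo wget` straight into `/usr/bin` with no checksum verification, and the last step leaves the decrypted output in the workspace as `secrets.yam` (the `secrets.yaml` / `secrets.yam` mismatch looks like a typo). Move the env onto the one step that decrypts, pin the action, verify the download, and do not keep plaintext on disk. The same commit also adds a binary `.DS_Store` (macOS Finder metadata), which should be dropped from the tree and listed in `.gitignore`. `on:` with a bare `push:` runs on every push to every branch; if that is intended for this test workflow, a one-line comment above `on:` saying so would help.
```yaml
# … unchanged: name, on, jobs/validate/runs-on …
    steps:
      - name: Checkout code
        uses: actions/checkout@<pinned-tag-or-commit-sha>  # placeholder: pin instead of @master

      - name: Install pre-requisites
        run: |
          sudo wget -q -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
          # placeholder: checksum published with the release; fails the job on mismatch
          echo "<expected-sha256>  /usr/bin/sops" | sha256sum -c -
          sudo chmod a+x /usr/bin/sops

      - name: SOPS
        env:
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }}  # scoped to the only step that needs it
        run: |
          # exit code is the check; no plaintext written to the workspace or the log
          sops decrypt ./secrets.yaml > /dev/null
```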
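Review bot: The new `sops decrypt ./inventory/group_vars/all/users.sops.yaml` has no output redirection, so the decrypted contents of the file are printed into the job log, and GitHub's log masking only hides values registered as repository secrets, not the decrypted file body; the rewrites in patches 4, 5, 6 and 7 (ending with `sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml`) have the same problem. If the step only verifies that the key can decrypt the file, rely on the exit code and send the output to `/dev/null`, e.g. `sops decrypt ./inventory/group_vars/all/users.sops.yaml > /dev/null`. The `--config <(echo '')` introduced in patch 5 depends on bash process substitution (the default `run:` shell on ubuntu runners is bash, so that works) and presumably sidesteps whatever rules the repository's `.sops.yaml` defines; a comment above the command stating why an empty config is used, such as `# empty config: decrypt with the key from SOPS_AGE_KEY only, ignoring repository rules`, would keep that from being removed as an accident.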
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index dd6b02c..272f915 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,4 +18,4 @@ jobs:
 - name: SOPS
 run: |
- sops decrypt --config ./.sops.yaml ./inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
+ sops decrypt --config <(echo '') ./inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
From 384a20b6956a4bcfb517f065c7d01067d0ccf763 Mon Sep 17 00:00:00 2001
From: LH
Date: Thu, 21 Aug 2025 14:12:16 +0200
Subject: [PATCH 6/7] Test 5
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 272f915..ce3f865 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,4 +18,4 @@ jobs:
 - name: SOPS
 run: |
- sops decrypt --config <(echo '') ./inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
+ sops decrypt --config <(echo '') inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
From 552f52c6c1f7d98da9bf49ac0e3888e5fd322cf7 Mon Sep 17 00:00:00 2001
From: LH
Date: Thu, 21 Aug 2025 14:12:55 +0200
Subject: [PATCH 7/7] Test 6
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ce3f865..b2f76bf 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,4 +18,4 @@ jobs:
 - name: SOPS
 run: |
- sops decrypt --config <(echo '') inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
+ sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml
\ No newline at end of file