Binary file added .DS_Store
Binary file not shown.
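--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,21 @@
+name: Test
+on:
+  push:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    env:
+      SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@master
+
+      - name: Install pre-requisites
+        run: |
+          sudo wget -q -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
+          sudo chmod a+x /usr/bin/sops
+
+      - name: SOPS
+        run: |
+          sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml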
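Review bot: The `sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml` step writes the decrypted file to stdout, which ends up in the job log; the values inside that file are not registered GitHub secrets, so nothing masks them, and anyone who can read workflow logs sees them in clear. If the step only needs to prove that the age key can decrypt, discard the output: `sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml > /dev/null`. `uses: actions/checkout@master` tracks a mutable branch, so the action code can change underneath this workflow; pin it to a release tag or, better, a full commit SHA. The sops binary is downloaded with `wget` and executed without any integrity check, and the workflow declares no `permissions:` block, so the job token keeps the repository's default grant while the job handles a decryption key; the fence below shows these changes together, with the checksum left as a placeholder to fill from the release's published checksums.
```yaml
permissions:
  contents: read

# … unchanged: jobs / validate / runs-on / env …
      - name: Checkout code
        uses: actions/checkout@v4  # or pin to a full commit SHA

      - name: Install pre-requisites
        run: |
          sudo wget -q -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
          echo "<SHA256_FROM_RELEASE_CHECKSUMS>  /usr/bin/sops" | sha256sum -c -
          sudo chmod a+x /usr/bin/sops

      - name: SOPS
        run: |
          sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml > /dev/null
```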
8 changes: 6 additions & 2 deletions inventory/hosts.yaml
Expand Up @@ -2,7 +2,7 @@ all:
vars:
ansible_user: lholota
domain: homecentr.one
ups_shutdown_command: "systemctl stop ve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
ups_shutdown_command: "systemctl stop pve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
children:
pve_nodes:
hosts:
Expand Down Expand Up @@ -71,7 +71,7 @@ all:
promtail_docker_logs_enabled: true
unifi_controller:
ansible_host: 10.1.2.76
docs:
netboot:
ansible_host: 10.1.2.77
docker_enabled: true
docker_enable_tcp: true
Expand Down Expand Up @@ -119,6 +119,10 @@ all:
docker_enabled: true
docker_enable_tcp: true
promtail_docker_logs_enabled: true
dhcp1:
ansible_host: 10.1.2.90
dhcp2:
ansible_host: 10.1.2.91
vm:
hosts:
coder:
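Review bot: In the first hunk the corrected `ups_shutdown_command` still separates the two stops with a single `&`, so `systemctl stop pve-ha-crm` is backgrounded and the shell proceeds to `systemctl stop pve-ha-lrm` and then `/sbin/shutdown -h +0` without waiting for the first service to stop; the typo fix in the service name does not address this. If the stops are meant to complete in order before the shutdown, the separator should match the second one: `ups_shutdown_command: "systemctl stop pve-ha-crm && systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"`. If backgrounding the first stop is deliberate, a comment above the key saying why would stop the next reader from "fixing" it.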
7 changes: 5 additions & 2 deletions playbooks/local/ssh.yaml
Expand Up @@ -30,9 +30,12 @@
create: false
marker: "# {mark} Homecentr SSH configuration"
block: |
# Locally connecting to an actual host, canonicalization works
Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr '10.0.0.0/8'"
ForwardAgent yes

Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
# Remotely the raw hostname does not exist (only with prefix), therefore canonicalization does not work
# so we have to add the domain manually
Match host=pve*,app-* exec "dig -t a 'ssh-%h.{{ domain }}' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
ForwardAgent yes
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname "ssh-%h.{{ domain }}"
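Review bot: `ForwardAgent yes` applies to the remote-access Match as well (the line after the `ssh-%h.{{ domain }}` Match), so every host reached through the cloudflared tunnel can use the local agent's keys for the duration of the session; agent forwarding is only appropriate towards hosts trusted as much as the workstation itself, so consider dropping it from that block and enabling it per host, or with `ssh -A` only when a hop needs it. Both `exec` Matches evaluate to false without an obvious error when `dig` or `grepcidr` is missing from PATH (only `-v` shows it), leaving the connection with no ProxyCommand, so a line such as `# Requires dig and grepcidr on PATH; if the exec fails, no ProxyCommand is applied` at the top of the block would save debugging time. Because `%h` is expanded into the ProxyCommand shell line, this configuration should only be relied on with OpenSSH 9.6 or newer, which rejects hostnames containing shell metacharacters before running the command. The blockinfile task this `block:` belongs to starts before the hunk.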