Local SSH adjusted for prefixed remote access

inventory/hosts.yaml

@@ -2,7 +2,7 @@ all:
   vars:
     ansible_user: lholota
     domain: homecentr.one
-    ups_shutdown_command: "systemctl stop ve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
+    ups_shutdown_command: "systemctl stop pve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
   children:
     pve_nodes:
       hosts:
@@ -71,7 +71,7 @@ all:
               promtail_docker_logs_enabled: true
             unifi_controller:
               ansible_host: 10.1.2.76
-            docs:
+            netboot:
               ansible_host: 10.1.2.77
               docker_enabled: true
               docker_enable_tcp: true
@@ -119,6 +119,10 @@ all:
               docker_enabled: true
               docker_enable_tcp: true
               promtail_docker_logs_enabled: true
+            dhcp1:
+              ansible_host: 10.1.2.90
+            dhcp2:
+              ansible_host: 10.1.2.91
         vm:
           hosts:
             coder:

playbooks/local/ssh.yaml

@@ -30,9 +30,12 @@
         create: false
         marker: "# {mark} Homecentr SSH configuration"
         block: |
+          # Locally connecting to an actual host, canonicalization works
           Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr '10.0.0.0/8'"
             ForwardAgent yes
 
-          Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
+          # Remotely the raw hostname does not exist (only with prefix), therefore canonicalization does not work
+          # so we have to add the domain manually
+          Match host=pve*,app-* exec "dig -t a 'ssh-%h.{{ domain }}' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
             ForwardAgent yes
-            ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
+            ProxyCommand /usr/local/bin/cloudflared access ssh --hostname "ssh-%h.{{ domain }}"