From 7d4a177968cbee60299162accc81d51e0e0f0881 Mon Sep 17 00:00:00 2001
From: Lukas Holota
Date: Wed, 6 Nov 2024 16:03:54 +0100
Subject: [PATCH] Local SSH adjusted for prefixed remote access

---
 inventory/hosts.yaml | 8 ++++++--
 playbooks/local/ssh.yaml | 7 +++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml
index e9ccab7..bd87ef6 100644
--- a/inventory/hosts.yaml
+++ b/inventory/hosts.yaml
@@ -2,7 +2,7 @@ all:
 vars:
 ansible_user: lholota
 domain: homecentr.one
- ups_shutdown_command: "systemctl stop ve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
+ ups_shutdown_command: "systemctl stop pve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
 children:
 pve_nodes:
 hosts:
@@ -71,7 +71,7 @@ all:
 promtail_docker_logs_enabled: true
 unifi_controller:
 ansible_host: 10.1.2.76
- docs:
+ netboot:
 ansible_host: 10.1.2.77
 docker_enabled: true
 docker_enable_tcp: true
@@ -119,6 +119,10 @@ all:
 docker_enabled: true
 docker_enable_tcp: true
 promtail_docker_logs_enabled: true
+ dhcp1:
+ ansible_host: 10.1.2.90
+ dhcp2:
+ ansible_host: 10.1.2.91
 vm:
 hosts:
 coder:
diff --git a/playbooks/local/ssh.yaml b/playbooks/local/ssh.yaml
index 688eba0..4214b5a 100644
--- a/playbooks/local/ssh.yaml
+++ b/playbooks/local/ssh.yaml
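Review bot: The corrected `ups_shutdown_command` in the first hunk still runs `systemctl stop pve-ha-crm` in the background with a single `&` and then gates `/sbin/shutdown -h +0` on `systemctl stop pve-ha-lrm` succeeding via `&&`. For a command the variable name suggests is fired when the UPS signals low battery, that means a failed or hung lrm stop leaves the node powered on until the battery dies, and the crm stop may still be in flight when the halt begins. Unless the single `&` is deliberate, I would make the halt unconditional: `ups_shutdown_command: "systemctl stop pve-ha-crm pve-ha-lrm; /sbin/shutdown -h +0"`. A one-line comment above the key explaining why the two HA services are stopped before halting (presumably to keep the HA manager from reacting to the node going away — confirm) would also help the next reader, since the typo went unnoticed precisely because the line is opaque.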
@@ -30,9 +30,12 @@ create: false
 marker: "# {mark} Homecentr SSH configuration"
 block: |
+ # Locally connecting to an actual host, canonicalization works
 Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr '10.0.0.0/8'"
 ForwardAgent yes
- Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
+ # Remotely the raw hostname does not exist (only with prefix), therefore canonicalization does not work # so we have to add the domain manually Match host=pve*,app-* exec "dig -t a 'ssh-%h.{{ domain }}' +short | tail -n1 | grepcidr -v '10.0.0.0/8'"
 ForwardAgent yes
- ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
+ ProxyCommand /usr/local/bin/cloudflared access ssh --hostname "ssh-%h.{{ domain }}"