From f10964623d40364da7984c9f5ea235ef13021e70 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sat, 17 Jun 2023 19:12:30 -0400
Subject: [PATCH] Add port forwarding for admin_git jail.
---
 ansible/roles/firewall/files/mrmanager_pf.conf | 8 ++++----
 ansible/roles/kubernetes/tasks/linux.yaml | 4 +++-
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf
index 9e6623d..52561ff 100644
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@@ -25,10 +25,10 @@ rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 6443 -> 10.215
 nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
 nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
-rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 65099 -> 10.215.1.210 port 22
-rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 65099 -> 10.215.1.210 port 22
-nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
-nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
+rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to $not_jail_nat_v4 port 65099 -> 10.215.1.210 port 22
+rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to $not_jail_nat_v4 port 65099 -> 10.215.1.210 port 22
+# nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
+# nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
diff --git a/ansible/roles/kubernetes/tasks/linux.yaml b/ansible/roles/kubernetes/tasks/linux.yaml
index c9f0cbb..3d556c3 100644
--- a/ansible/roles/kubernetes/tasks/linux.yaml
+++ b/ansible/roles/kubernetes/tasks/linux.yaml
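Review bot: In mrmanager_pf.conf both new `rdr pass` rules keep the `pass` modifier, so connections to port 65099 are handed to sshd on 10.215.1.210 without being evaluated by the filter rules. If `$not_jail_nat_v4` is a negated jail network (its definition is outside this hunk), the source and destination match almost any address. Consider dropping `pass` and matching the host's own address, e.g. `rdr on $ext_if inet proto tcp from $not_jail_nat_v4 to ($ext_if) port 65099 -> 10.215.1.210 port 22`, paired with an explicit filter rule for 10.215.1.210 port 22 that restricts sources or applies `max-src-conn-rate` with an `overload` table. The two `nat pass` lines are left commented out, and the second now names `(lagg0)` instead of `(jail_nat)`. Delete them, or add a comment saying why they are disabled, so a later reader does not re-enable them blindly.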
@@ -6,6 +6,7 @@ creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" loop: - kubeswitch + - flux-scm - name: Update cache when: buildaur.changed @@ -13,7 +14,7 @@ name: [] state: present update_cache: true - + - name: Install packages package: name: @@ -21,4 +22,5 @@ - stern - kubectx - kubeswitch + - flux-scm state: present
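Review bot: `flux-scm` joins the loop whose `creates:` guard is `/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*`, so once any build of the package sits in that cache the task is skipped and, with `state: present` in the install task, the host stays on the first version built. If this loop builds from the AUR, as the `buildaur` register suggests (the task body starts outside the hunk), Flux would miss later security releases unless the cached file is removed by hand. Consider documenting this above the task, e.g. `# creates: skips rebuilds; remove the cached package to pick up a newer flux-scm`, or keying the guard on a pinned version so that bumping the pin triggers a rebuild.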