From 61e0166ee67370007de1d47c72120fe0259d5aee Mon Sep 17 00:00:00 2001 From: Max Date: Tue, 30 Dec 2025 13:15:38 -0500 Subject: [PATCH] feat: connect to servers using nat as jumphost --- Taskfile.yml | 1 + ansible.cfg | 3 ++- inventory.cfg | 6 ++++++ playbooks/configure_nat.yml | 5 +++++ 4 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 inventory.cfg create mode 100644 playbooks/configure_nat.yml diff --git a/Taskfile.yml b/Taskfile.yml index 4caab9e..de7dfa4 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -4,6 +4,7 @@ tasks: vault: ansible-vault edit vault.yml {{.CLI_ARGS}} tf:apply: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}} tf:destroy: ansible-playbook playbooks/destroy.yml {{.CLI_ARGS}} + configure-nat: ansible-playbook playbooks/configure_nat.yml {{.CLI_ARGS}} enter: cmd: ssh -i {{.KEY}} -p 22 root@{{.IP}} diff --git a/ansible.cfg b/ansible.cfg index 63c126b..9d0d377 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,6 @@ [defaults] callbacks_enabled = profile_tasks +inventory = inventory.cfg localhost_warning = False vault_password_file = vault.key interpreter_python = /usr/bin/python3.11 @@ -8,6 +9,6 @@ interpreter_python = /usr/bin/python3.11 inventory_unparsed_warning = False [ssh_connection] -ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none +ssh_args = -F secrets/ssh.cfg -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none pipelining = True retries = 2 \ No newline at end of file diff --git a/inventory.cfg b/inventory.cfg new file mode 100644 index 0000000..1d74c7e --- /dev/null +++ b/inventory.cfg @@ -0,0 +1,6 @@ +[gateways] +nat + +[servers] +node-a +node-b \ No newline at end of file diff --git a/playbooks/configure_nat.yml b/playbooks/configure_nat.yml new file mode 100644 index 0000000..002e570 --- /dev/null +++ b/playbooks/configure_nat.yml 
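Review bot: The rewritten `ssh_args` line in ansible.cfg still carries `-o ForwardAgent=yes`, which a jump host does not need if `secrets/ssh.cfg` uses ProxyJump-style hops (inferred from the subject line), because the client then authenticates to each host itself. Where an agent is forwarded, root on nat, node-a or node-b can use it for as long as the session and the 60s ControlPersist master live. The flag also appears to conflict with `-o IdentityAgent=none` on the same line, which presumably leaves nothing to forward, so it can likely be dropped at no cost: `ssh_args = -F secrets/ssh.cfg -o ControlMaster=auto -o ControlPersist=60s -o IdentityAgent=none`. Separately, `-F secrets/ssh.cfg` is resolved relative to the working directory and the file is not part of this commit, so the host-key checking applied to the jump hop cannot be reviewed here. A comment above the line saying where that file comes from would help.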
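Review bot: The new inventory.cfg lists `nat`, `node-a` and `node-b` as bare aliases with no `ansible_host`, so every address, user and jump hop has to come from `Host` entries in `secrets/ssh.cfg`, which this commit does not include. An alias with no matching entry would be looked up as an ordinary hostname instead of failing in an obvious way. A header comment such as `# names must match the Host entries in secrets/ssh.cfg` would make the dependency visible to whoever adds the next node.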
@@ -0,0 +1,5 @@
+- name: Configure NAT
+ hosts: gateways
+ gather_facts: false
+ tasks:
+ - ansible.builtin.raw: hostname -I
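Review bot: The only task in the new play is unnamed and runs `hostname -I` through `ansible.builtin.raw`, which reports `changed` on every run even though it only reads state. Adding `name: Show NAT addresses` and `changed_when: false` to the task would keep the run output honest. The play is titled "Configure NAT" but configures nothing yet, so a comment noting that it is a connectivity check through the jump-host SSH config would avoid confusion.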