From e32301fa3c798fd28afc1f030f62f795a11440cd Mon Sep 17 00:00:00 2001
From: dogeystamp <dogeystamp@disroot.org>
Date: Wed, 23 Aug 2023 21:14:39 -0400
Subject: [PATCH] roles/firewall: make bastion_ip a variable

---
 roles/firewall/defaults/main.yml | 2 ++
 roles/firewall/tasks/main.yml    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/firewall/defaults/main.yml b/roles/firewall/defaults/main.yml
index 267b80d..8880cc3 100644
--- a/roles/firewall/defaults/main.yml
+++ b/roles/firewall/defaults/main.yml
@@ -6,3 +6,5 @@
 local_subnet: 192.168.0.0/24
 
 sshd_port: 2500
+
+bastion_ip: "{{ host_vars[groups['bastion'][0]]['local_ip'] }}"
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index a65bb56..6595509 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -14,7 +14,7 @@
 
 - name: Set default sources (fleet server)
   set_fact:
-    default_firewall_src: "{{ host_vars[groups['bastion'][0]]['local_ip'] }}"
+    default_firewall_src: "{{ bastion_ip }}"
   when: "fleet" in group_names
 
 - name: Allow service ports