From 4a73e8782f62de96bce09282441b79893aad1b5a Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Tue, 15 Feb 2022 13:40:38 -0600
Subject: [PATCH] Proxy all gitlab CI attempts through a bastion box

---
 .gitlab-ci.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d592fc7..3f4036a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,6 @@
 image: rehashedsalt/ansible-env:bleeding
+variables:
+  SSH_BASTION_ARGS: '-o "ProxyCommand=ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"'
 stages:
   - lint
   - test
@@ -48,20 +50,20 @@ Test:
   except:
     - pipelines
   script:
-    - ansible-playbook --skip-tags no-test -C site.yml --vault-password-file /vaultpw || error="$?"
+    - ansible-playbook --skip-tags no-test -C site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
     - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
     - if [ -n "$error" ]; then echo "Return code $error"; false; fi
 
 Play_Against_Remote:
   stage: play
   script:
-    - ansible-playbook -l '!tags_home' site.yml --vault-password-file /vaultpw || error="$?"
+    - ansible-playbook -l '!tags_home' site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
     - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
     - if [ -n "$error" ]; then echo "Return code $error"; false; fi
 Play_Against_Home:
   stage: play
   retry: 1
   script:
-    - ansible-playbook -l tags_home site.yml --vault-password-file /vaultpw || error="$?"
+    - ansible-playbook -l tags_home site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
     - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
     - if [ -n "$error" ]; then echo "Return code $error"; false; fi