From d0e61a8c9041e5a678fcbc5bfe682cb084feaeb7 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Tue, 2 May 2023 08:36:56 -0500
Subject: [PATCH] bringing vyos-config up to date.
---
 apply-config.sh | 1 +
 config-parts/firewall-name.sh | 9 +++++++--
 config-parts/service-dhcp_server.sh | 8 ++++----
 config-parts/system-static_host_mapping.sh | 9 ++++++---
 scripts/vyos-postconfig-bootup.script | 4 ++--
 5 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/apply-config.sh b/apply-config.sh
index 3ab733e..2811dc0 100644
--- a/apply-config.sh
+++ b/apply-config.sh
@@ -83,6 +83,7 @@ else
 run delete container image "${image_id}"
 fi
 done
+ sudo find "/config" -name "overlay*" -type d -prune -exec rm -rf "{}" \;
 fi
 exit
diff --git a/config-parts/firewall-name.sh b/config-parts/firewall-name.sh
index 2e2b680..73844d1 100644
--- a/config-parts/firewall-name.sh
+++ b/config-parts/firewall-name.sh
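Review bot: The added `sudo find "/config" -name "overlay*" -type d -prune -exec rm -rf "{}" \;` deletes, as root, every directory under /config whose name begins with `overlay`, at any depth. That is wider than the leftover container-storage layers this cleanup appears to target. /config also holds the secrets and scripts this repository manages, so an unintended match cannot be undone. Anchoring the search to the container storage directory and bounding the depth would limit it, e.g. `sudo find "<container-storage-dir>" -mindepth 1 -maxdepth 1 -type d -name "overlay*" -exec rm -rf -- {} +`, where the path is a placeholder to be taken from the VyOS install. The enclosing if/else starts outside the hunk, so the conditions under which this branch runs are not visible here.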
@@ -414,10 +414,15 @@ set firewall name servers-local rule 5 description 'Rule: accept_tftp'
 set firewall name servers-local rule 5 destination port '69'
 set firewall name servers-local rule 5 protocol 'udp'
 set firewall name servers-local rule 6 action 'accept'
-set firewall name servers-local rule 6 description 'Rule: accept_prometheus_from_k8s_nodes'
-set firewall name servers-local rule 6 destination port '9153'
+set firewall name servers-local rule 6 description 'Rule: accept_node_exporter_from_k8s_nodes'
+set firewall name servers-local rule 6 destination port '9100'
 set firewall name servers-local rule 6 protocol 'tcp'
 set firewall name servers-local rule 6 source group address-group 'k8s_nodes'
+set firewall name servers-local rule 7 action 'accept'
+set firewall name servers-local rule 7 description 'Rule: accept_speedtest_exporter_from_k8s_nodes'
+set firewall name servers-local rule 7 destination port '9798'
+set firewall name servers-local rule 7 protocol 'tcp'
+set firewall name servers-local rule 7 source group address-group 'k8s_nodes'
 # From SERVERS to SERVICES
 set firewall name servers-services default-action 'accept'
diff --git a/config-parts/service-dhcp_server.sh b/config-parts/service-dhcp_server.sh
index 0382978..c64b4b6 100644
--- a/config-parts/service-dhcp_server.sh
+++ b/config-parts/service-dhcp_server.sh
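Review bot: Rules 6 and 7 admit the whole `k8s_nodes` address-group to ports 9100 and 9798 on the router (going by the `servers-local` naming), and exporters on these ports are normally plain unauthenticated HTTP endpoints. If pod egress is source-NATed to the node address, any workload in the cluster can reach them, not only the Prometheus scraper. If the speedtest exporter is the kind that runs a measurement on every scrape, each request also costs WAN bandwidth. Consider a narrower source for rule 7, or record the accepted exposure in a comment above the rules, such as `# exporters are unauthenticated; reachable from every k8s node and from SNATed pods`. Rule 6 was also repurposed in place, so the earlier 9153 allowance is gone; whether that matters depends on the ruleset's default-action, which is outside the hunk.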
@@ -143,7 +143,7 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping glamdring ip-address '10.1.1.32'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping glamdring mac-address 'd4:5d:64:91:b2:42'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.33'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '00:e0:4c:68:02:b1'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:73'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping lembas ip-address '10.1.1.34'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping lembas mac-address 'c8:1f:66:10:51:d9'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11'
@@ -155,8 +155,8 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping jellydocks ip-address '10.1.1.14'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping jellydocks mac-address 'ea:87:86:9c:73:43'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping horus ip-address '10.1.1.51'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping horus mac-address 'b8:27:eb:b2:09:b0'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nextcloud ip-address '10.1.1.51'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nextcloud mac-address 'c8:1f:66:10:4d:b9'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping frodo ip-address '10.1.1.52'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping frodo mac-address 'dc:a6:32:09:76:4c'
@@ -175,7 +175,7 @@ set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-ma
 set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping jahanson-iphone ip-address '10.1.2.31'
 set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping jahanson-iphone mac-address 'c2:d2:9a:62:ef:03'
 set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary ip-address '10.1.2.21'
-set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary mac-address 'f8:4d:89:7a:db:8b'
+set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary mac-address '54:05:db:b1:95:ff'
 set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping eva-ipad ip-address '10.1.2.35'
 set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping eva-ipad mac-address 'aa:ab:96:ce:f8:03'
diff --git a/config-parts/system-static_host_mapping.sh b/config-parts/system-static_host_mapping.sh
index 2664f9c..633f879 100644
--- a/config-parts/system-static_host_mapping.sh
+++ b/config-parts/system-static_host_mapping.sh
@@ -9,13 +9,16 @@ set system static-host-mapping host-name unifi inet 10.5.0.10
 # NAS
 set system static-host-mapping host-name elessar.jahanson.tech inet 10.1.1.11
 set system static-host-mapping host-name elessar.jahanson.tech alias nas.jahanson.tech
-set system static-host-mapping host-name elessar.jahanson.tech alias garage.hsn.dev
+set system static-host-mapping host-name elessar.jahanson.tech alias minio.hsn.dev
 set system static-host-mapping host-name elessar.jahanson.tech alias s3.hsn.dev
+# Home Assistant
+set system static-host-mapping host-name homeassistant.jahanson.tech inet 10.1.1.13
+
 # Kubernetes hosts
 set system static-host-mapping host-name gandalf.jahanson.tech inet 10.1.1.31
 set system static-host-mapping host-name glamdring.jahanson.tech inet 10.1.1.32
-# set system static-host-mapping host-name shadowfax.jahanson.tech inet 10.1.1.33
+set system static-host-mapping host-name shadowfax.jahanson.tech inet 10.1.1.33
 set system static-host-mapping host-name lembas.jahanson.tech inet 10.1.1.34
 # Kubernetes cluster VIP
@@ -25,7 +28,7 @@ set system static-host-mapping host-name cluster-0.jahanson.tech inet 10.5.0.2
 set system static-host-mapping host-name sting.jahanson.tech inet 10.1.1.12
 set system static-host-mapping host-name frodo.jahanson.tech inet 10.1.1.52
 set system static-host-mapping host-name frodo.jahanson.tech alias pikvm.jahanson.tech
-set system static-host-mapping host-name horus.jahanson.tech inet 10.1.1.51
+set system static-host-mapping host-name nextcloud.jahanson.tech inet 10.1.1.51
 set system static-host-mapping host-name driveway-camera-doorbell.jahanson.tech inet 10.1.4.12
 set system static-host-mapping host-name hallway-zigbee-adapter.jahanson.tech inet 10.1.3.46
diff --git a/scripts/vyos-postconfig-bootup.script b/scripts/vyos-postconfig-bootup.script
index 27414ab..eec590b 100644
--- a/scripts/vyos-postconfig-bootup.script
+++ b/scripts/vyos-postconfig-bootup.script
@@ -4,7 +4,7 @@ # services not available through the VyOS CLI system can be placed here. # Add dotfiles for home directory -tee /home/vyos/.gitconfig </dev/null [init] defaultBranch = main [safe] @@ -14,7 +14,7 @@ tee /home/vyos/.gitconfig </dev/null export SOPS_AGE_KEY_FILE=/config/secrets/age.key export GIT_SSH_COMMAND="ssh -i /config/secrets/id_ed25519" export VISUAL=nano