jahanson/vyos-config
Archived
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity

Compare commits

base: jahanson:325f750f6a14f8eb363dee8f5511208b93d14e51
Branches Tags
jahanson:main
jahanson:renovate/quay.io-prometheus-node-exporter-1.x
..
compare: jahanson:abe93d5c8dfd85ac9d36f8f92f9bd29d19d30eb8
Branches Tags
jahanson:renovate/quay.io-prometheus-node-exporter-1.x
jahanson:main

4 commits
325f750f6a ... abe93d5c8d

Author SHA1 Message Date
Smeagol
abe93d5c8d feat(container): update image ghcr.io/goofball222/unifi ( 8.0.28 → 8.1.113 ) 
| datasource | package                   | from   | to      |
| ---------- | ------------------------- | ------ | ------- |
| docker     | ghcr.io/goofball222/unifi | 8.0.28 | 8.1.113 |
 2024-03-30 13:01:52 +00:00
Joseph Hanson
75e08e5de8
This helps to have on. 2024-03-30 06:40:09 -05:00
Joseph Hanson
da62036332
Update shadowfax-01 2024-03-30 06:24:20 -05:00
Joseph Hanson
0d24da08cf
PXE/dhcp/firewall changes. Adding Matchbox. 2024-03-30 06:15:20 -05:00
4 changed files with 27 additions and 16 deletions
Show stats Expand all files Collapse all files

12
config-parts/container.sh
View file

@ -136,3 +136,15 @@ set container name vnstat shared-memory '0'
set container name vnstat volume vnstat-data destination '/var/lib/vnstat'
set container name vnstat volume vnstat-data mode 'rw'
set container name vnstat volume vnstat-data source '/config/containers/vnstat/data'
# matchbox
set container name matchbox arguments '-address=0.0.0.0:80 -log-level=debug'
set container name matchbox cap-add 'net-bind-service'
set container name matchbox image 'quay.io/poseidon/matchbox:v0.10.0'
set container name matchbox memory '0'
set container name matchbox network containers address '10.5.0.7'
set container name matchbox shared-memory '0'
set container name matchbox volume matchbox-data destination '/var/lib/matchbox'
set container name matchbox volume matchbox-data mode 'rw'
set container name matchbox volume matchbox-data propagation 'private'
set container name matchbox volume matchbox-data source '/config/containers/matchbox/data'

2
config-parts/firewall.sh
View file

@ -9,7 +9,7 @@ set firewall global-options all-ping 'enable'
set firewall group address-group router-addresses address 10.0.0.1
set firewall group address-group router-addresses address 127.0.0.1
set firewall group address-group k8s_nodes address '10.1.1.61-10.1.1.63' # master nodes
set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worker nodes
set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.254' # worker nodes
set firewall group address-group k8s_api address '10.5.0.2'
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx

23
config-parts/service-dhcp_server.sh
View file

@ -43,7 +43,8 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-pa
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'allow booting;'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'next-server 10.1.1.1;'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'if exists user-class and option user-class = "iPXE" {'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "metal-amd64";'
# set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "metal-amd64";'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "http://10.5.0.7/boot.ipxe";'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '} else {'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "undionly.kpxe";'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '}'
@ -56,21 +57,11 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf ip-address '10.1.1.13'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf mac-address '90:e2:ba:dd:98:20'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf mac-address 'b4:96:91:20:2c:58'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.30'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:75'
# k8s prod workers
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond ip-address '10.1.1.43'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond mac-address 'BC:24:11:1D:24:93'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '80:e8:2c:db:68:a2'
# Raspberry Pis
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping frodo ip-address '10.1.1.51'
@ -97,6 +88,14 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping cirdan ip-address '10.1.1.63'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping cirdan mac-address '98:90:96:A2:04:B1'
# k8s prod workers
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping anduril ip-address '10.1.1.71'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping anduril mac-address 'd4:5d:64:91:b2:42'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf-01 ip-address '10.1.1.72'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf-01 mac-address '52:54:00:e5:08:8d'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax-01 ip-address '10.1.1.73'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax-01 mac-address 'ae:4c:70:3f:79:e4'
# Trusted VLAN
set service dhcp-server shared-network-name TRUSTED authoritative
set service dhcp-server shared-network-name TRUSTED ping-check

6
scripts/vyos-preconfig-bootup.script
View file

@ -15,6 +15,6 @@ mkdir -p /tmp/bind/cache
chown -R 104 /tmp/bind/cache
# Mount USB Backup Drive
# backupdest=/media/usb-backup
# mkdir -p "$backupdest"
# mount -t vfat -o rw,uid=vyos,gid=vyattacfg /dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0376621010005300-0:0-part1 "$backupdest"
backupdest=/media/usb-backup
mkdir -p "$backupdest"
mount -t vfat -o rw,uid=vyos,gid=vyattacfg /dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0376621010005300-0:0-part1 "$backupdest"