Compare commits

..

1 commit

Author SHA1 Message Date
smeagol-help
d66af81986 fix(container): update image docker.io/library/haproxy ( 2.9.2 → 2.9.3 )
| datasource | package                   | from  | to    |
| ---------- | ------------------------- | ----- | ----- |
| docker     | docker.io/library/haproxy | 2.9.2 | 2.9.3 |
2024-01-19 02:01:04 +00:00
5 changed files with 10 additions and 25 deletions

View file

@ -19,7 +19,7 @@ set container name bind volume cache destination '/var/cache/bind'
set container name bind volume cache mode 'rw'
# haproxy-k8s-api
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.4'
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.3'
set container name haproxy-k8s-api memory '0'
set container name haproxy-k8s-api network containers address '10.5.0.2'
set container name haproxy-k8s-api restart 'on-failure'

View file

@ -221,10 +221,10 @@ set firewall ipv4 name local-servers rule 100 description 'Rule: accept_k8s_api'
set firewall ipv4 name local-servers rule 100 destination port '6443'
set firewall ipv4 name local-servers rule 100 protocol 'tcp'
set firewall ipv4 name local-servers rule 200 action 'accept'
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_graylog_syslog'
set firewall ipv4 name local-servers rule 200 destination group address-group 'graylog'
set firewall ipv4 name local-servers rule 200 destination port '1514'
set firewall ipv4 name local-servers rule 200 protocol 'udp'
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_vector_syslog'
set firewall ipv4 name local-servers rule 200 destination group address-group 'k8s_vector_aggregator'
set firewall ipv4 name local-servers rule 200 destination port '6001'
set firewall ipv4 name local-servers rule 200 protocol 'tcp'
set firewall ipv4 name local-servers rule 999 action 'drop'
set firewall ipv4 name local-servers rule 999 description 'Rule: drop_invalid'
set firewall ipv4 name local-servers rule 999 state invalid

View file

@ -13,7 +13,7 @@ set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worke
set firewall group address-group k8s_api address '10.5.0.2'
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
set firewall group address-group graylog address '10.1.1.5'
set firewall group address-group k8s_vector_aggregator address '10.45.0.2'
set firewall group address-group nas address '10.1.1.11-10.1.1.12'
set firewall group address-group unifi_devices address '10.1.0.11'
set firewall group address-group unifi_devices address '10.1.0.12'

View file

@ -37,26 +37,19 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 name-serv
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 start '10.1.1.200'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 stop '10.1.1.254'
# Logging
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard ip-address '10.1.1.5'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard mac-address 'a0:42:3f:2f:a9:69'
# NAS
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.30'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:75'
# k8s prod workers
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond ip-address '10.1.1.43'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond mac-address 'BC:24:11:1D:24:93'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:4d:b9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum mac-address 'fc:aa:14:93:fb:b1'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '80:e8:2c:db:68:a2'
@ -98,8 +91,6 @@ set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-ma
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping jahanson-iphone mac-address 'c2:d2:9a:62:ef:03'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary ip-address '10.1.2.21'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary mac-address '54:05:db:b1:95:ff'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping gollum ip-address '10.1.2.101'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping gollum mac-address 'fc:aa:14:93:fb:b1'
# IoT VLAN
set service dhcp-server shared-network-name IOT authoritative

View file

@ -19,9 +19,3 @@ set system task-scheduler task backup-config crontab-spec '30 0 * * *'
set system task-scheduler task backup-config executable path '/config/scripts/custom-config-backup.sh'
set system time-zone 'America/Chicago'
# Syslog to graylog
set system syslog host 10.1.1.5 facility kern level 'warning'
set system syslog host 10.1.1.5 protocol 'udp'
set system syslog host 10.1.1.5 port '1514'
set system syslog host 10.1.1.5 format 'octet-counted'