Compare commits
7 commits
d66af81986
...
a27892a120
Author | SHA1 | Date | |
---|---|---|---|
|
a27892a120 | ||
00a660ff3f | |||
190493b65f | |||
d0d4337677 | |||
994042141d | |||
fb3225ea16 | |||
9863551c84 |
5 changed files with 25 additions and 10 deletions
|
@ -19,7 +19,7 @@ set container name bind volume cache destination '/var/cache/bind'
|
||||||
set container name bind volume cache mode 'rw'
|
set container name bind volume cache mode 'rw'
|
||||||
|
|
||||||
# haproxy-k8s-api
|
# haproxy-k8s-api
|
||||||
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.2'
|
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.4'
|
||||||
set container name haproxy-k8s-api memory '0'
|
set container name haproxy-k8s-api memory '0'
|
||||||
set container name haproxy-k8s-api network containers address '10.5.0.2'
|
set container name haproxy-k8s-api network containers address '10.5.0.2'
|
||||||
set container name haproxy-k8s-api restart 'on-failure'
|
set container name haproxy-k8s-api restart 'on-failure'
|
||||||
|
|
|
@ -221,10 +221,10 @@ set firewall ipv4 name local-servers rule 100 description 'Rule: accept_k8s_api'
|
||||||
set firewall ipv4 name local-servers rule 100 destination port '6443'
|
set firewall ipv4 name local-servers rule 100 destination port '6443'
|
||||||
set firewall ipv4 name local-servers rule 100 protocol 'tcp'
|
set firewall ipv4 name local-servers rule 100 protocol 'tcp'
|
||||||
set firewall ipv4 name local-servers rule 200 action 'accept'
|
set firewall ipv4 name local-servers rule 200 action 'accept'
|
||||||
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_vector_syslog'
|
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_graylog_syslog'
|
||||||
set firewall ipv4 name local-servers rule 200 destination group address-group 'k8s_vector_aggregator'
|
set firewall ipv4 name local-servers rule 200 destination group address-group 'graylog'
|
||||||
set firewall ipv4 name local-servers rule 200 destination port '6001'
|
set firewall ipv4 name local-servers rule 200 destination port '1514'
|
||||||
set firewall ipv4 name local-servers rule 200 protocol 'tcp'
|
set firewall ipv4 name local-servers rule 200 protocol 'udp'
|
||||||
set firewall ipv4 name local-servers rule 999 action 'drop'
|
set firewall ipv4 name local-servers rule 999 action 'drop'
|
||||||
set firewall ipv4 name local-servers rule 999 description 'Rule: drop_invalid'
|
set firewall ipv4 name local-servers rule 999 description 'Rule: drop_invalid'
|
||||||
set firewall ipv4 name local-servers rule 999 state invalid
|
set firewall ipv4 name local-servers rule 999 state invalid
|
||||||
|
|
|
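Review bot: Rule 200 now accepts `udp` where it previously accepted `tcp`, and plain UDP syslog gives the sender no acknowledgement and the collector no way to verify the source, so dropped or spoofed messages go unnoticed. The same transport is chosen in `set system syslog host 10.1.1.5 protocol 'udp'` in the last section. If the Graylog input can listen on TCP, keeping `set firewall ipv4 name local-servers rule 200 protocol 'tcp'` and setting `protocol 'tcp'` on the syslog host would preserve delivery feedback. Whether such an input exists is not visible on this page.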
@ -13,7 +13,7 @@ set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worke
|
||||||
set firewall group address-group k8s_api address '10.5.0.2'
|
set firewall group address-group k8s_api address '10.5.0.2'
|
||||||
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
|
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
|
||||||
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
|
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
|
||||||
set firewall group address-group k8s_vector_aggregator address '10.45.0.2'
|
set firewall group address-group graylog address '10.1.1.5'
|
||||||
set firewall group address-group nas address '10.1.1.11-10.1.1.12'
|
set firewall group address-group nas address '10.1.1.11-10.1.1.12'
|
||||||
set firewall group address-group unifi_devices address '10.1.0.11'
|
set firewall group address-group unifi_devices address '10.1.0.11'
|
||||||
set firewall group address-group unifi_devices address '10.1.0.12'
|
set firewall group address-group unifi_devices address '10.1.0.12'
|
||||||
|
|
|
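Review bot: The `k8s_vector_aggregator` group is removed here, and only rule 200 of `local-servers` is visibly repointed to `graylog`. Any other rule still naming the old group would likely make the configuration fail to commit, so the remaining rule files, which are outside this page, should be checked. The new line also lacks the trailing comment its `k8s_ingress` neighbours carry. Something like `# graybeard, syslog collector (same address as the system syslog host)` would tie 10.1.1.5 to the DHCP mapping and the syslog target, which repeat the same literal.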
@ -37,19 +37,26 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 name-serv
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 start '10.1.1.200'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 start '10.1.1.200'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 stop '10.1.1.254'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 stop '10.1.1.254'
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard ip-address '10.1.1.5'
|
||||||
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard mac-address 'a0:42:3f:2f:a9:69'
|
||||||
|
|
||||||
# NAS
|
# NAS
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
|
||||||
|
|
||||||
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.30'
|
||||||
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:75'
|
||||||
|
|
||||||
# k8s prod workers
|
# k8s prod workers
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:4d:b9'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond ip-address '10.1.1.43'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum mac-address 'fc:aa:14:93:fb:b1'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond mac-address 'BC:24:11:1D:24:93'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '80:e8:2c:db:68:a2'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '80:e8:2c:db:68:a2'
|
||||||
|
|
||||||
|
@ -91,6 +98,8 @@ set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-ma
|
||||||
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping jahanson-iphone mac-address 'c2:d2:9a:62:ef:03'
|
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping jahanson-iphone mac-address 'c2:d2:9a:62:ef:03'
|
||||||
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary ip-address '10.1.2.21'
|
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary ip-address '10.1.2.21'
|
||||||
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary mac-address '54:05:db:b1:95:ff'
|
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary mac-address '54:05:db:b1:95:ff'
|
||||||
|
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping gollum ip-address '10.1.2.101'
|
||||||
|
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping gollum mac-address 'fc:aa:14:93:fb:b1'
|
||||||
|
|
||||||
# IoT VLAN
|
# IoT VLAN
|
||||||
set service dhcp-server shared-network-name IOT authoritative
|
set service dhcp-server shared-network-name IOT authoritative
|
||||||
|
|
|
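Review bot: The `elrond` mapping writes its MAC as `'BC:24:11:1D:24:93'` while every other mapping shown is lower case; `'bc:24:11:1d:24:93'` keeps the file searchable with a single pattern. `shadowfax` is added without a heading comment, unlike the `# Logging`, `# NAS` and `# k8s prod workers` groups. `k8s_nodes` appears to be the range 10.1.1.41-10.1.1.46 (from the address-group hunk header), so by taking over 10.1.1.43 `elrond` inherits whatever the firewall allows that group. A one-line comment confirming it is a worker would make that intent explicit.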
@ -19,3 +19,9 @@ set system task-scheduler task backup-config crontab-spec '30 0 * * *'
|
||||||
set system task-scheduler task backup-config executable path '/config/scripts/custom-config-backup.sh'
|
set system task-scheduler task backup-config executable path '/config/scripts/custom-config-backup.sh'
|
||||||
|
|
||||||
set system time-zone 'America/Chicago'
|
set system time-zone 'America/Chicago'
|
||||||
|
|
||||||
|
# Syslog to graylog
|
||||||
|
set system syslog host 10.1.1.5 facility kern level 'warning'
|
||||||
|
set system syslog host 10.1.1.5 protocol 'udp'
|
||||||
|
set system syslog host 10.1.1.5 port '1514'
|
||||||
|
set system syslog host 10.1.1.5 format 'octet-counted'
|
||||||
|
|
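Review bot: `format 'octet-counted'` is set together with `protocol 'udp'`, but octet counting is a framing scheme for stream transports (RFC 6587), so over UDP it is likely either ignored or misparsed by the receiver. It is worth testing against the Graylog input or dropping the line. Only `facility kern level 'warning'` is forwarded, so authentication events from the router would not reach the collector. Adding a line such as `set system syslog host 10.1.1.5 facility auth level 'info'` would cover login activity.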