
7 commits

Author SHA1 Message Date
smeagol-help
a27892a120 fix(container): update image docker.io/library/haproxy ( 2.9.2 → 2.9.4 )
| datasource | package                   | from  | to    |
| ---------- | ------------------------- | ----- | ----- |
| docker     | docker.io/library/haproxy | 2.9.2 | 2.9.4 |
2024-02-01 17:12:53 +00:00
00a660ff3f Update nenya mac addr. 2024-01-26 15:36:56 -06:00
190493b65f Added graylog and feed logs to it from vyos. 2024-01-26 09:54:49 -06:00
d0d4337677 Added graylog and feed logs to it from vyos. 2024-01-26 09:54:04 -06:00
994042141d Updating vilya and adding elrond. 2024-01-25 17:58:39 -06:00
fb3225ea16 Added server. 2024-01-23 06:34:00 -06:00
9863551c84 Move gollum as scrypted server. 2024-01-19 19:34:35 -06:00
5 changed files with 25 additions and 10 deletions


@ -19,7 +19,7 @@ set container name bind volume cache destination '/var/cache/bind'
set container name bind volume cache mode 'rw'
# haproxy-k8s-api
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.3'
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.4'
set container name haproxy-k8s-api memory '0'
set container name haproxy-k8s-api network containers address '10.5.0.2'
set container name haproxy-k8s-api restart 'on-failure'


@ -221,10 +221,10 @@ set firewall ipv4 name local-servers rule 100 description 'Rule: accept_k8s_api'
set firewall ipv4 name local-servers rule 100 destination port '6443'
set firewall ipv4 name local-servers rule 100 protocol 'tcp'
set firewall ipv4 name local-servers rule 200 action 'accept'
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_vector_syslog'
set firewall ipv4 name local-servers rule 200 destination group address-group 'k8s_vector_aggregator'
set firewall ipv4 name local-servers rule 200 destination port '6001'
set firewall ipv4 name local-servers rule 200 protocol 'tcp'
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_graylog_syslog'
set firewall ipv4 name local-servers rule 200 destination group address-group 'graylog'
set firewall ipv4 name local-servers rule 200 destination port '1514'
set firewall ipv4 name local-servers rule 200 protocol 'udp'
set firewall ipv4 name local-servers rule 999 action 'drop'
set firewall ipv4 name local-servers rule 999 description 'Rule: drop_invalid'
set firewall ipv4 name local-servers rule 999 state invalid
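Review bot: Rule 200 now carries syslog over UDP where the vector rule it replaces used TCP, so log lines can be dropped without any error and the collector cannot tie a datagram to its sender. If the Graylog host can expose a TCP syslog input, keep `set firewall ipv4 name local-servers rule 200 protocol 'tcp'` and set the matching `protocol 'tcp'` on the `set system syslog host 10.1.1.5` entry in the system file. As shown, the rule matches only on destination group and port; if the local-servers ruleset sees traffic from anything other than the router itself (not visible on this page), a source match would narrow which hosts can write to the log collector.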


@ -13,7 +13,7 @@ set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worke
set firewall group address-group k8s_api address '10.5.0.2'
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
set firewall group address-group k8s_vector_aggregator address '10.45.0.2'
set firewall group address-group graylog address '10.1.1.5'
set firewall group address-group nas address '10.1.1.11-10.1.1.12'
set firewall group address-group unifi_devices address '10.1.0.11'
set firewall group address-group unifi_devices address '10.1.0.12'


@ -37,19 +37,26 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 name-serv
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 start '10.1.1.200'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 stop '10.1.1.254'
# Logging
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard ip-address '10.1.1.5'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard mac-address 'a0:42:3f:2f:a9:69'
# NAS
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.30'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:75'
# k8s prod workers
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:4d:b9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum mac-address 'fc:aa:14:93:fb:b1'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond ip-address '10.1.1.43'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elrond mac-address 'BC:24:11:1D:24:93'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '80:e8:2c:db:68:a2'
@ -91,6 +98,8 @@ set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-ma
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping jahanson-iphone mac-address 'c2:d2:9a:62:ef:03'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary ip-address '10.1.2.21'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping legiondary mac-address '54:05:db:b1:95:ff'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping gollum ip-address '10.1.2.101'
set service dhcp-server shared-network-name TRUSTED subnet 10.1.2.0/24 static-mapping gollum mac-address 'fc:aa:14:93:fb:b1'
# IoT VLAN
set service dhcp-server shared-network-name IOT authoritative
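Review bot: 10.1.1.43 appears to pass from gollum to elrond in the SERVERS mappings, and the `k8s_nodes` address-group in the firewall groups file covers `10.1.1.41-10.1.1.46`, so elrond inherits every rule that references that group. The page does not show whether elrond is a cluster node, so it is worth confirming that this membership is intended rather than a side effect of reusing the address. For consistency with the other entries, the new MAC could be written in lower case, `static-mapping elrond mac-address 'bc:24:11:1d:24:93'`.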


@ -19,3 +19,9 @@ set system task-scheduler task backup-config crontab-spec '30 0 * * *'
set system task-scheduler task backup-config executable path '/config/scripts/custom-config-backup.sh'
set system time-zone 'America/Chicago'
# Syslog to graylog
set system syslog host 10.1.1.5 facility kern level 'warning'
set system syslog host 10.1.1.5 protocol 'udp'
set system syslog host 10.1.1.5 port '1514'
set system syslog host 10.1.1.5 format 'octet-counted'
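Review bot: `format 'octet-counted'` is paired with `protocol 'udp'`, but octet-counted framing is defined for stream transports, so it is worth confirming that the Graylog input parses the messages as sent, or else dropping the format line or moving to `protocol 'tcp'`. Only `facility kern level 'warning'` is forwarded, so login, privilege and configuration-change messages from the router would not reach Graylog. Adding something like `set system syslog host 10.1.1.5 facility authpriv level 'info'` (or `facility all`) would make the feed useful for detection. The comment could also say what is forwarded, for example `# Syslog to graylog (kernel warnings only, UDP 1514)`.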