fix(container): update image ghcr.io/goofball222/unifi ( 8.0.24 → 8.0.26 )

| datasource | package                   | from   | to     |
| ---------- | ------------------------- | ------ | ------ |
| docker     | ghcr.io/goofball222/unifi | 8.0.24 | 8.0.26 |

config-parts/container.sh

@@ -3,6 +3,21 @@
 # Container networks
 set container network containers prefix '10.5.0.0/24'
 
+# bind
+set container name bind cap-add 'net-bind-service'
+set container name bind image 'docker.io/internetsystemsconsortium/bind9:9.19'
+set container name bind command '/usr/sbin/named -4 -f -c /etc/bind/named.conf -u bind'
+set container name bind memory '0'
+set container name bind network containers address '10.5.0.3'
+set container name bind restart 'on-failure'
+set container name bind shared-memory '0'
+set container name bind volume config destination '/etc/bind'
+set container name bind volume config source '/config/containers/bind/config'
+set container name bind volume config mode 'ro'
+set container name bind volume cache source '/tmp/bind/cache'
+set container name bind volume cache destination '/var/cache/bind'
+set container name bind volume cache mode 'rw'
+
 # haproxy-k8s-api
 set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.0'
 set container name haproxy-k8s-api memory '0'
@@ -13,16 +28,6 @@ set container name haproxy-k8s-api volume config source '/config/containers/hapr
 set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
 set container name haproxy-k8s-api volume config mode 'ro'
 
-# haproxy-k3s-api
-set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.0'
-set container name haproxy-k3s-api memory '0'
-set container name haproxy-k3s-api network containers address '10.5.0.3'
-set container name haproxy-k3s-api restart 'on-failure'
-set container name haproxy-k3s-api shared-memory '0'
-set container name haproxy-k3s-api volume config source '/config/containers/haproxy-k3s/config/haproxy.cfg'
-set container name haproxy-k3s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
-set container name haproxy-k3s-api volume config mode 'ro'
-
 # node-exporter
 set container name node-exporter environment procfs value '/host/proc'
 set container name node-exporter environment rootfs value '/host/rootfs'
@@ -80,7 +85,7 @@ set container name unifi environment RUNAS_UID0 value 'false'
 set container name unifi environment TZ value 'America/Chicago'
 set container name unifi environment PGID value '102'
 set container name unifi environment PUID value '999'
-set container name unifi image 'ghcr.io/goofball222/unifi:8.0.24'
+set container name unifi image 'ghcr.io/goofball222/unifi:8.0.26'
 set container name unifi memory '0'
 set container name unifi network containers address '10.5.0.10'
 set container name unifi restart 'on-failure'

config-parts/firewall-ipv4.sh

@@ -413,6 +413,10 @@ set firewall ipv4 name containers-lan rule 999 log
 set firewall ipv4 name containers-local default-action 'drop'
 set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
 set firewall ipv4 name containers-local default-log
+set firewall ipv4 name containers-local rule 40 action 'accept'
+set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns'
+set firewall ipv4 name containers-local rule 40 destination port 'domain,domain-s'
+set firewall ipv4 name containers-local rule 40 protocol 'tcp_udp'
 set firewall ipv4 name containers-local rule 50 action 'accept'
 set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
 set firewall ipv4 name containers-local rule 50 destination port '67,68'

config-parts/service-dhcp_server.sh

@@ -45,7 +45,7 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 
 # k8s prod workers
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
@@ -65,8 +65,6 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 # VMs
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee ip-address '10.1.1.55'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee mac-address '00:a0:98:00:a6:72'
 
 
 # k8s prod masters

containers/.gitignore

@@ -7,6 +7,5 @@
 !/bind/
 !/dnsdist/
 !/haproxy/
-!/haproxy-k3s/
 !/unifi/
 !/vector-agent/

containers/bind/config/zones/db.hsn.dev

@@ -1,30 +0,0 @@
-; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
-; https://www.epochconverter.com/
-
-; SOA Records
-$TTL 3600
-$ORIGIN hsn.dev.
-@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
-  1696362449         ; serial number (epoch timestamp)
-  7200               ; refresh period
-  3600               ; retry period
-  1209600            ; expire time
-  3600               ; minimum ttl
-)
-
-; NS Records
-@                          IN  NS gateway.jahanson.tech.
-
-; Containers
-@                          IN  A 104.26.2.197
-@                          IN  A 104.26.3.197
-@                          IN  A 172.67.72.148
-blog                       IN  A 20.64.91.58
-onepassword-connect        IN  A 10.5.0.5
-git                        IN  A 40.124.184.64
-varda                      IN  A 136.243.8.106
-
-; CNAME Records
-s3                         IN  CNAME nas.jahanson.tech.
-minio                      IN  CNAME nas.jahanson.tech.
-vpn                        IN  CNAME gateway.jahanson.tech.

containers/bind/config/zones/db.jahanson.tech

@@ -5,7 +5,7 @@
 $TTL 3600
 $ORIGIN jahanson.tech.
 @ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
-  1686507728         ; serial number (epoch timestamp)
+  1705263395         ; serial number (epoch timestamp)
   7200               ; refresh period
   3600               ; retry period
   1209600            ; expire time
@@ -21,31 +21,6 @@ gateway                    IN  A  10.1.0.1
 ; Servers
 elessar                    IN  A  10.1.1.11
 sting                      IN  A  10.1.1.12
-gandalf                    IN  A  10.1.1.31
-glamdring                  IN  A  10.1.1.32
-shadowfax                  IN  A  10.1.1.33
-nenya                      IN  A  10.1.1.41
-vilya                      IN  A  10.1.1.42
-narya                      IN  A  10.1.1.43
-nahar                      IN  A  10.1.1.44
-thror                      IN  A  10.1.1.45
-thrain                     IN  A  10.1.1.46
-nextcloud                  IN  A  10.1.1.51
-frodo                      IN  A  10.1.1.52
-tulkas                     IN  A  10.1.1.53
-galadriel                  IN  A  10.1.1.61
-elrond                     IN  A  10.1.1.62
-cirdan                     IN  A  10.1.1.63
-
-; IOT
-livingroom-vacuum          IN  A  10.1.3.18
-
-; Video
-driveway-camera            IN  A  10.1.4.12
-
-; Containers
-morgoth                  IN  A  10.5.0.2
 
 ; CNAME records
 nas                        IN  CNAME  elessar.jahanson.tech.
-pikvm                      IN  CNAME  frodo.jahanson.tech.

containers/haproxy-k3s/.gitignore

@@ -1,9 +0,0 @@
-# Ignore everything
-/*
-
-# Track certain files and directories
-!.gitignore
-
-!/config/
-/config/*
-!/config/haproxy.cfg

containers/haproxy-k3s/config/haproxy.cfg

@@ -1,48 +0,0 @@
-#---------------------------------------------------------------------
-# Global settings
-#---------------------------------------------------------------------
-global
-    log /dev/log local0
-    log /dev/log local1 notice
-    daemon
-
-#---------------------------------------------------------------------
-# common defaults that all the 'listen' and 'backend' sections will
-# use if not designated in their block
-#---------------------------------------------------------------------
-defaults
-    mode                    http
-    log                     global
-    option                  httplog
-    option                  dontlognull
-    option                  http-server-close
-    option forwardfor       except 127.0.0.0/8
-    option                  redispatch
-    retries                 3
-    timeout http-request    10s
-    timeout queue           20s
-    timeout connect         10s
-    timeout client          1h
-    timeout server          1h
-    timeout http-keep-alive 10s
-    timeout check           10s
-
-#---------------------------------------------------------------------
-# apiserver frontend which proxys to the control plane nodes          
-#---------------------------------------------------------------------
-frontend k8s_apiserver                                                
-    bind *:6443                                                       
-    mode tcp                                                          
-    option tcplog                                                     
-    default_backend k8s_controlplane                            
-                                                                      
-#---------------------------------------------------------------------
-# round robin balancing for apiserver                                 
-#---------------------------------------------------------------------
-backend k8s_controlplane                                  
-    option httpchk GET /healthz                                       
-    http-check expect status 200                          
-    mode tcp                                              
-    option ssl-hello-chk                                  
-    balance     roundrobin                                
-        server worker2 10.1.1.55:6443 check 

containers/haproxy/config/haproxy.cfg

@@ -36,12 +36,6 @@ frontend k8s_apiserver
     option tcplog                                                     
     default_backend k8s_controlplane                            
                                                                       
-frontend talos_apiserver                                              
-    bind *:50000                                                      
-    mode tcp                                                          
-    option tcplog                                                     
-    default_backend talos_controlplane                                
-                                                                      
 #---------------------------------------------------------------------
 # round robin balancing for apiserver                                 
 #---------------------------------------------------------------------
@@ -54,13 +48,3 @@ backend k8s_controlplane
         server worker1 10.1.1.61:6443 check   
         server worker2 10.1.1.62:6443 check 
         server worker3 10.1.1.63:6443 check
-                                                          
-backend talos_controlplane                                
-    option httpchk GET /healthz                           
-    http-check expect status 200                          
-    mode tcp                                              
-    option ssl-hello-chk                                  
-    balance     roundrobin                                
-        server worker1 10.1.1.61:50000 check  
-        server worker2 10.1.1.62:50000 check
-        server worker3 10.1.1.63:50000 check