Compare commits


4 commits

smeagol-help
ee9b154e4c fix(container): update image ghcr.io/goofball222/unifi ( 8.0.24 → 8.0.26 )
| datasource | package                   | from   | to     |
| ---------- | ------------------------- | ------ | ------ |
| docker     | ghcr.io/goofball222/unifi | 8.0.24 | 8.0.26 |
2024-01-14 21:03:28 +00:00
a4fb1c6fb2 re-added bind and updated jahanson.tech. 2024-01-14 14:19:57 -06:00
51100a76cc enable dns from containers --> local 2024-01-12 13:16:37 -06:00
417bdccf18 Talos --> k3s 2024-01-11 14:46:50 -06:00
9 changed files with 24 additions and 146 deletions


@ -3,6 +3,21 @@
# Container networks # Container networks
set container network containers prefix '10.5.0.0/24' set container network containers prefix '10.5.0.0/24'
# bind
set container name bind cap-add 'net-bind-service'
set container name bind image 'docker.io/internetsystemsconsortium/bind9:9.19'
set container name bind command '/usr/sbin/named -4 -f -c /etc/bind/named.conf -u bind'
set container name bind memory '0'
set container name bind network containers address '10.5.0.3'
set container name bind restart 'on-failure'
set container name bind shared-memory '0'
set container name bind volume config destination '/etc/bind'
set container name bind volume config source '/config/containers/bind/config'
set container name bind volume config mode 'ro'
set container name bind volume cache source '/tmp/bind/cache'
set container name bind volume cache destination '/var/cache/bind'
set container name bind volume cache mode 'rw'
# haproxy-k8s-api # haproxy-k8s-api
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.0' set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.0'
set container name haproxy-k8s-api memory '0' set container name haproxy-k8s-api memory '0'
@ -13,16 +28,6 @@ set container name haproxy-k8s-api volume config source '/config/containers/hapr
set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg' set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
set container name haproxy-k8s-api volume config mode 'ro' set container name haproxy-k8s-api volume config mode 'ro'
# haproxy-k3s-api
set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.0'
set container name haproxy-k3s-api memory '0'
set container name haproxy-k3s-api network containers address '10.5.0.3'
set container name haproxy-k3s-api restart 'on-failure'
set container name haproxy-k3s-api shared-memory '0'
set container name haproxy-k3s-api volume config source '/config/containers/haproxy-k3s/config/haproxy.cfg'
set container name haproxy-k3s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
set container name haproxy-k3s-api volume config mode 'ro'
# node-exporter # node-exporter
set container name node-exporter environment procfs value '/host/proc' set container name node-exporter environment procfs value '/host/proc'
set container name node-exporter environment rootfs value '/host/rootfs' set container name node-exporter environment rootfs value '/host/rootfs'
@ -80,7 +85,7 @@ set container name unifi environment RUNAS_UID0 value 'false'
set container name unifi environment TZ value 'America/Chicago' set container name unifi environment TZ value 'America/Chicago'
set container name unifi environment PGID value '102' set container name unifi environment PGID value '102'
set container name unifi environment PUID value '999' set container name unifi environment PUID value '999'
set container name unifi image 'ghcr.io/goofball222/unifi:8.0.24' set container name unifi image 'ghcr.io/goofball222/unifi:8.0.26'
set container name unifi memory '0' set container name unifi memory '0'
set container name unifi network containers address '10.5.0.10' set container name unifi network containers address '10.5.0.10'
set container name unifi restart 'on-failure' set container name unifi restart 'on-failure'
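Review bot: The new bind container on L26 is pulled by a floating minor tag, `docker.io/internetsystemsconsortium/bind9:9.19`, whereas every other image in this file is pinned to a full version (haproxy `2.9.0`, unifi `8.0.26`) and is tracked by the update bot that produced the unifi bump in this same compare. A moving tag can change the running resolver on the next pull without any commit and will never appear in that bot's version table, so pin it to a specific patch release or an image digest and let updates go through review. It is also worth confirming that 9.19 is the intended series — ISC's odd-numbered branches are development releases, with 9.18 being the stable line — before putting it in the resolver path. The rw cache volume on L35 is bound from `/tmp/bind/cache`; if `/tmp` is not persistent on this router the cache simply starts empty after a reboot, which is harmless but deserves a one-line comment such as `# cache is ephemeral; only /config/containers/bind/config is persistent`.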


@ -413,6 +413,10 @@ set firewall ipv4 name containers-lan rule 999 log
set firewall ipv4 name containers-local default-action 'drop' set firewall ipv4 name containers-local default-action 'drop'
set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL' set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
set firewall ipv4 name containers-local default-log set firewall ipv4 name containers-local default-log
set firewall ipv4 name containers-local rule 40 action 'accept'
set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns'
set firewall ipv4 name containers-local rule 40 destination port 'domain,domain-s'
set firewall ipv4 name containers-local rule 40 protocol 'tcp_udp'
set firewall ipv4 name containers-local rule 50 action 'accept' set firewall ipv4 name containers-local rule 50 action 'accept'
set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp' set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
set firewall ipv4 name containers-local rule 50 destination port '67,68' set firewall ipv4 name containers-local rule 50 destination port '67,68'
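Review bot: Rule 40 on L73 accepts both `domain` (53) and `domain-s` (853, DNS-over-TLS) from every container to the router's local services, but the description on L72 and the commit message only talk about DNS. If the router-side resolver does not actually listen for DoT on 853, that port is unused allow-list surface in an otherwise default-drop chain; narrow it with `set firewall ipv4 name containers-local rule 40 destination port 'domain'`. If 853 is intentional, say so where the next reader will look, e.g. `set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns (53 + DoT 853)'`. Rule 50 continues past the end of this hunk.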


@ -45,7 +45,7 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
# k8s prod workers # k8s prod workers
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
@ -65,8 +65,6 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
# VMs # VMs
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee ip-address '10.1.1.55'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee mac-address '00:a0:98:00:a6:72'
# k8s prod masters # k8s prod masters


@ -7,6 +7,5 @@
!/bind/ !/bind/
!/dnsdist/ !/dnsdist/
!/haproxy/ !/haproxy/
!/haproxy-k3s/
!/unifi/ !/unifi/
!/vector-agent/ !/vector-agent/


@ -1,30 +0,0 @@
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
; https://www.epochconverter.com/
; SOA Records
$TTL 3600
$ORIGIN hsn.dev.
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
1696362449 ; serial number (epoch timestamp)
7200 ; refresh period
3600 ; retry period
1209600 ; expire time
3600 ; minimum ttl
)
; NS Records
@ IN NS gateway.jahanson.tech.
; Containers
@ IN A 104.26.2.197
@ IN A 104.26.3.197
@ IN A 172.67.72.148
blog IN A 20.64.91.58
onepassword-connect IN A 10.5.0.5
git IN A 40.124.184.64
varda IN A 136.243.8.106
; CNAME Records
s3 IN CNAME nas.jahanson.tech.
minio IN CNAME nas.jahanson.tech.
vpn IN CNAME gateway.jahanson.tech.


@ -5,7 +5,7 @@
$TTL 3600 $TTL 3600
$ORIGIN jahanson.tech. $ORIGIN jahanson.tech.
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. ( @ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
1686507728 ; serial number (epoch timestamp) 1705263395 ; serial number (epoch timestamp)
7200 ; refresh period 7200 ; refresh period
3600 ; retry period 3600 ; retry period
1209600 ; expire time 1209600 ; expire time
@ -21,31 +21,6 @@ gateway IN A 10.1.0.1
; Servers ; Servers
elessar IN A 10.1.1.11 elessar IN A 10.1.1.11
sting IN A 10.1.1.12 sting IN A 10.1.1.12
gandalf IN A 10.1.1.31
glamdring IN A 10.1.1.32
shadowfax IN A 10.1.1.33
nenya IN A 10.1.1.41
vilya IN A 10.1.1.42
narya IN A 10.1.1.43
nahar IN A 10.1.1.44
thror IN A 10.1.1.45
thrain IN A 10.1.1.46
nextcloud IN A 10.1.1.51
frodo IN A 10.1.1.52
tulkas IN A 10.1.1.53
galadriel IN A 10.1.1.61
elrond IN A 10.1.1.62
cirdan IN A 10.1.1.63
; IOT
livingroom-vacuum IN A 10.1.3.18
; Video
driveway-camera IN A 10.1.4.12
; Containers
morgoth IN A 10.5.0.2
; CNAME records ; CNAME records
nas IN CNAME elessar.jahanson.tech. nas IN CNAME elessar.jahanson.tech.
pikvm IN CNAME frodo.jahanson.tech.
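Review bot: The A records for nenya, vilya and tulkas (L153, L154, L161) are removed here while the DHCP file in this same compare keeps their static reservations at 10.1.1.41, 10.1.1.42 and 10.1.1.53 and even updates nenya's MAC, so those hosts still receive fixed addresses but no longer resolve under jahanson.tech. If they are now meant to be served from another zone or by the cluster's own DNS, record that in the zone file with a comment like `; k8s node names are no longer published here — see the cluster DNS`; otherwise the three A records should be re-added. Dropping the `pikvm` CNAME together with frodo's A record is right, since it would otherwise alias a name that no longer exists. The serial bump on L142 is needed for the change to propagate, and the zone may continue past this hunk, so further aliases of removed names cannot be ruled out from this view.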


@ -1,9 +0,0 @@
# Ignore everything
/*
# Track certain files and directories
!.gitignore
!/config/
/config/*
!/config/haproxy.cfg


@ -1,48 +0,0 @@
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log /dev/log local0
log /dev/log local1 notice
daemon
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 20s
timeout connect 10s
timeout client 1h
timeout server 1h
timeout http-keep-alive 10s
timeout check 10s
#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------
frontend k8s_apiserver
bind *:6443
mode tcp
option tcplog
default_backend k8s_controlplane
#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend k8s_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker2 10.1.1.55:6443 check


@ -36,12 +36,6 @@ frontend k8s_apiserver
option tcplog option tcplog
default_backend k8s_controlplane default_backend k8s_controlplane
frontend talos_apiserver
bind *:50000
mode tcp
option tcplog
default_backend talos_controlplane
#--------------------------------------------------------------------- #---------------------------------------------------------------------
# round robin balancing for apiserver # round robin balancing for apiserver
#--------------------------------------------------------------------- #---------------------------------------------------------------------
@ -54,13 +48,3 @@ backend k8s_controlplane
server worker1 10.1.1.61:6443 check server worker1 10.1.1.61:6443 check
server worker2 10.1.1.62:6443 check server worker2 10.1.1.62:6443 check
server worker3 10.1.1.63:6443 check server worker3 10.1.1.63:6443 check
backend talos_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker1 10.1.1.61:50000 check
server worker2 10.1.1.62:50000 check
server worker3 10.1.1.63:50000 check