

4 commits

smeagol-help
ee9b154e4c fix(container): update image ghcr.io/goofball222/unifi ( 8.0.24 → 8.0.26 )
| datasource | package                   | from   | to     |
| ---------- | ------------------------- | ------ | ------ |
| docker     | ghcr.io/goofball222/unifi | 8.0.24 | 8.0.26 |
2024-01-14 21:03:28 +00:00
a4fb1c6fb2 re-added bind and updated jahanson.tech. 2024-01-14 14:19:57 -06:00
51100a76cc enable dns from containers --> local 2024-01-12 13:16:37 -06:00
417bdccf18 Talos --> k3s 2024-01-11 14:46:50 -06:00
9 changed files with 23 additions and 145 deletions


@ -3,6 +3,21 @@
# Container networks # Container networks
set container network containers prefix '10.5.0.0/24' set container network containers prefix '10.5.0.0/24'
# bind
set container name bind cap-add 'net-bind-service'
set container name bind image 'docker.io/internetsystemsconsortium/bind9:9.19'
set container name bind command '/usr/sbin/named -4 -f -c /etc/bind/named.conf -u bind'
set container name bind memory '0'
set container name bind network containers address '10.5.0.3'
set container name bind restart 'on-failure'
set container name bind shared-memory '0'
set container name bind volume config destination '/etc/bind'
set container name bind volume config source '/config/containers/bind/config'
set container name bind volume config mode 'ro'
set container name bind volume cache source '/tmp/bind/cache'
set container name bind volume cache destination '/var/cache/bind'
set container name bind volume cache mode 'rw'
# haproxy-k8s-api # haproxy-k8s-api
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.0' set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.0'
set container name haproxy-k8s-api memory '0' set container name haproxy-k8s-api memory '0'
@ -13,16 +28,6 @@ set container name haproxy-k8s-api volume config source '/config/containers/hapr
set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg' set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
set container name haproxy-k8s-api volume config mode 'ro' set container name haproxy-k8s-api volume config mode 'ro'
# haproxy-k3s-api
set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.0'
set container name haproxy-k3s-api memory '0'
set container name haproxy-k3s-api network containers address '10.5.0.3'
set container name haproxy-k3s-api restart 'on-failure'
set container name haproxy-k3s-api shared-memory '0'
set container name haproxy-k3s-api volume config source '/config/containers/haproxy-k3s/config/haproxy.cfg'
set container name haproxy-k3s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
set container name haproxy-k3s-api volume config mode 'ro'
# node-exporter # node-exporter
set container name node-exporter environment procfs value '/host/proc' set container name node-exporter environment procfs value '/host/proc'
set container name node-exporter environment rootfs value '/host/rootfs' set container name node-exporter environment rootfs value '/host/rootfs'
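Review bot: The image on the `set container name bind image` line floats on the minor tag `docker.io/internetsystemsconsortium/bind9:9.19`, so every pull can bring a different patch release without a reviewable change, and as far as I recall 9.19 is ISC's development branch rather than the 9.18 stable line. Pin to a full patch version or a digest, e.g. `set container name bind image 'docker.io/internetsystemsconsortium/bind9:9.19.<patch>'`, so that the renovate-style bump seen in the unifi commit above can track it, and confirm that a development build is what you want for the resolver. The `-u bind` plus `cap-add 'net-bind-service'` pairing for binding port 53 unprivileged, and the read-only config volume, look right. The container block continues outside this hunk.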


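--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -413,6 +413,10 @@ set firewall ipv4 name containers-lan rule 999 log
 set firewall ipv4 name containers-local default-action 'drop'
 set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
 set firewall ipv4 name containers-local default-log
+set firewall ipv4 name containers-local rule 40 action 'accept'
+set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns'
+set firewall ipv4 name containers-local rule 40 destination port 'domain,domain-s'
+set firewall ipv4 name containers-local rule 40 protocol 'tcp_udp'
 set firewall ipv4 name containers-local rule 50 action 'accept'
 set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
 set firewall ipv4 name containers-local rule 50 destination port '67,68'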
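Review bot: Rule 40 admits UDP as well as TCP to `domain-s` (853), but DNS-over-TLS is TCP-only, so the UDP/853 half is either dead or opens a DNS-over-QUIC path that may not be intended; if the router only answers plain DNS for the containers, `set firewall ipv4 name containers-local rule 40 destination port 'domain'` is the tighter rule, or keep 853 and say why in the rule description. The policy retains `default-action 'drop'` with `default-log`, so anything else from the container network toward the router is still logged and dropped. The rest of the containers-local rule set lies outside this hunk.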


@ -45,7 +45,7 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
# k8s prod workers # k8s prod workers
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
@ -65,8 +65,6 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
# VMs # VMs
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee ip-address '10.1.1.55'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee mac-address '00:a0:98:00:a6:72'
# k8s prod masters # k8s prod masters
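Review bot: nenya's new MAC `00:a0:98:1a:5e:ed` shares its OUI with the removed qbee mapping (`00:a0:98:00:a6:72`) rather than with its sibling vilya (`c8:1f:66:…`), which reads like a hardware swap rather than a typo, but nothing in the hunk says so; a comment such as `# nenya: NIC/MAC replaced 2024-01` beside the `# k8s prod workers` header would spare the next reader the double-take. The qbee removal is consistent with the deleted haproxy-k3s backend that pointed at 10.1.1.55. The remaining static mappings of the SERVERS subnet are outside these hunks.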


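--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -7,6 +7,5 @@
 !/bind/
 !/dnsdist/
 !/haproxy/
-!/haproxy-k3s/
 !/unifi/
 !/vector-agent/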


@ -1,30 +0,0 @@
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
; https://www.epochconverter.com/
; SOA Records
$TTL 3600
$ORIGIN hsn.dev.
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
1696362449 ; serial number (epoch timestamp)
7200 ; refresh period
3600 ; retry period
1209600 ; expire time
3600 ; minimum ttl
)
; NS Records
@ IN NS gateway.jahanson.tech.
; Containers
@ IN A 104.26.2.197
@ IN A 104.26.3.197
@ IN A 172.67.72.148
blog IN A 20.64.91.58
onepassword-connect IN A 10.5.0.5
git IN A 40.124.184.64
varda IN A 136.243.8.106
; CNAME Records
s3 IN CNAME nas.jahanson.tech.
minio IN CNAME nas.jahanson.tech.
vpn IN CNAME gateway.jahanson.tech.


@ -5,7 +5,7 @@
$TTL 3600 $TTL 3600
$ORIGIN jahanson.tech. $ORIGIN jahanson.tech.
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. ( @ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
1686507728 ; serial number (epoch timestamp) 1705263395 ; serial number (epoch timestamp)
7200 ; refresh period 7200 ; refresh period
3600 ; retry period 3600 ; retry period
1209600 ; expire time 1209600 ; expire time
@ -21,31 +21,6 @@ gateway IN A 10.1.0.1
; Servers ; Servers
elessar IN A 10.1.1.11 elessar IN A 10.1.1.11
sting IN A 10.1.1.12 sting IN A 10.1.1.12
gandalf IN A 10.1.1.31
glamdring IN A 10.1.1.32
shadowfax IN A 10.1.1.33
nenya IN A 10.1.1.41
vilya IN A 10.1.1.42
narya IN A 10.1.1.43
nahar IN A 10.1.1.44
thror IN A 10.1.1.45
thrain IN A 10.1.1.46
nextcloud IN A 10.1.1.51
frodo IN A 10.1.1.52
tulkas IN A 10.1.1.53
galadriel IN A 10.1.1.61
elrond IN A 10.1.1.62
cirdan IN A 10.1.1.63
; IOT
livingroom-vacuum IN A 10.1.3.18
; Video
driveway-camera IN A 10.1.4.12
; Containers
morgoth IN A 10.5.0.2
; CNAME records ; CNAME records
nas IN CNAME elessar.jahanson.tech. nas IN CNAME elessar.jahanson.tech.
pikvm IN CNAME frodo.jahanson.tech.
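Review bot: The `pikvm IN CNAME frodo.jahanson.tech.` line, which the `-21,31 +21,6` header suggests is the hunk's one addition, targets frodo, whose `frodo IN A 10.1.1.52` record is removed in the same hunk; unless frodo is defined elsewhere in the zone, the CNAME now points at a name that no longer exists. Either keep `frodo IN A 10.1.1.52` or point the CNAME at a name that still has an address. Several hosts dropped here (nenya, vilya, tulkas among them) keep their DHCP static mappings elsewhere in this compare, which is fine if another zone now serves them but otherwise leaves them without forward resolution. The serial bump in the first hunk is present, so secondaries will pick up whatever the final record set is. The zone's remaining records lie outside the hunk.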


@ -1,9 +0,0 @@
# Ignore everything
/*
# Track certain files and directories
!.gitignore
!/config/
/config/*
!/config/haproxy.cfg


@ -1,48 +0,0 @@
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log /dev/log local0
log /dev/log local1 notice
daemon
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 20s
timeout connect 10s
timeout client 1h
timeout server 1h
timeout http-keep-alive 10s
timeout check 10s
#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------
frontend k8s_apiserver
bind *:6443
mode tcp
option tcplog
default_backend k8s_controlplane
#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend k8s_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker2 10.1.1.55:6443 check


@ -36,12 +36,6 @@ frontend k8s_apiserver
option tcplog option tcplog
default_backend k8s_controlplane default_backend k8s_controlplane
frontend talos_apiserver
bind *:50000
mode tcp
option tcplog
default_backend talos_controlplane
#--------------------------------------------------------------------- #---------------------------------------------------------------------
# round robin balancing for apiserver # round robin balancing for apiserver
#--------------------------------------------------------------------- #---------------------------------------------------------------------
@ -54,13 +48,3 @@ backend k8s_controlplane
server worker1 10.1.1.61:6443 check server worker1 10.1.1.61:6443 check
server worker2 10.1.1.62:6443 check server worker2 10.1.1.62:6443 check
server worker3 10.1.1.63:6443 check server worker3 10.1.1.63:6443 check
backend talos_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker1 10.1.1.61:50000 check
server worker2 10.1.1.62:50000 check
server worker3 10.1.1.63:50000 check