diff --git a/talos/patches/mc-all.yml b/talos/patches/mc-all.yml
index 1fbb0ea..f435bff 100644
--- a/talos/patches/mc-all.yml
+++ b/talos/patches/mc-all.yml
@@ -28,4 +28,5 @@ machine:
 time:
 disabled: false
 servers:
- - 192.168.1.11
\ No newline at end of file
+ - 192.168.1.11
+ - 10.96.10.254
\ No newline at end of file
diff --git a/talos/patches/mc-node00.yml b/talos/patches/mc-node00.yml
index 00532c2..8d42881 100644
--- a/talos/patches/mc-node00.yml
+++ b/talos/patches/mc-node00.yml
@@ -4,6 +4,7 @@ machine:
 hostname: node00.balsillie.house
 nameservers:
 - 192.168.1.11
+ - 10.96.10.254
 interfaces:
 - deviceSelector:
 hardwareAddr: 'f4:4d:30:6e:62:a7'
@@ -11,5 +12,8 @@ machine:
 routes:
 - network: 0.0.0.0/0
 gateway: 192.168.1.11
+ - network: 0.0.0.0/0
+ gateway: 10.96.10.254
 addresses:
- - 192.168.1.15/24
\ No newline at end of file
+ - 192.168.1.15/24
+ - 10.96.10.30/24
\ No newline at end of file
diff --git a/talos/talos-patch.yaml b/talos/talos-patch.yaml
index 0cb143c..21743bd 100644
--- a/talos/talos-patch.yaml
+++ b/talos/talos-patch.yaml
@@ -9,7 +9,7 @@ cluster:
 extraManifests:
 - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
 - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
- - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
+ # - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
 inlineManifests:
 - name: calico-installation
 contents: |
@@ -53,6 +53,8 @@ cluster:
 asNumber: 64624
 serviceClusterIPs:
 - cidr: 10.80.0.0/12
+ serviceExternalIPs:
+ - cidr: 10.96.20.0/24
 - name: calico-bgppeer
 contents: |
 apiVersion: crd.projectcalico.org/v1
diff --git a/terraform/cloudflare/main.tf b/terraform/cloudflare/main.tf
index 716dc45..d1c370b 100644
--- a/terraform/cloudflare/main.tf
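Review bot: The new side of `servers:` still ends without a trailing newline (the `\ No newline at end of file` marker stays on the added `- 10.96.10.254` line), and the `addresses:` hunk in `talos/patches/mc-node00.yml` has the same; adding a final newline means the next append to either list shows up as one added line rather than a rewrite of the last entry. If `10.96.10.254` is the same device that `mc-node00.yml` also adds as nameserver and default gateway, one host now supplies DNS, routing and time to the node, which is worth stating in a comment above the list, e.g. `# second NTP source is the new gateway; loss of it also loses DNS and default route`.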
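Review bot: The added `- network: 0.0.0.0/0` / `gateway: 10.96.10.254` route carries no `metric`, so the interface now has two default routes of equal priority and which gateway is used for outbound traffic is left to the kernel rather than stated in this patch; give both routes an explicit `metric:` (constructed example: `metric: 1024` on the 192.168.1.11 route and `metric: 2048` on the new one) so the preferred path and failover order are visible here. The `nameservers:` hunk above appends `10.96.10.254` in the same way, with preference implied only by list order, which deserves a one-line comment if the second resolver is meant as a fallback. The enclosing `interfaces` entry starts above this hunk.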
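Review bot: Commenting out the ingress-nginx entry leaves a dead URL in `extraManifests` with no record of why it was disabled; either delete the line or make the comment carry the reason, e.g. `# ingress-nginx (controller-v1.11.3) disabled: <reason placeholder>`. The entry being dropped was the only one pinned to a release tag: the two that remain fetch `main` of kubelet-serving-cert-approver and `releases/latest` of metrics-server, so what gets applied at bootstrap can change without any commit to this repo — pinning those to a tag (and a commit SHA where the host allows it) would keep the bootstrap manifests reviewable. `inlineManifests` begins at the bottom of this hunk and its body continues below.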
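Review bot: `serviceExternalIPs:` with `- cidr: 10.96.20.0/24` tells Calico to advertise over BGP any address in that range that a Service lists in `spec.externalIPs`, and that field is settable on ordinary Service objects, so any principal able to create a Service in any namespace can claim an address in this range and have its traffic routed to them. If the goal is LoadBalancer-style exposure, `serviceLoadBalancerIPs` together with an address allocator is the narrower path; otherwise pair this with an admission policy limiting `spec.externalIPs` to the namespaces meant to use it, and note that on the cidr line, e.g. `# externalIPs range; restricted by admission policy <name placeholder>`. These lines sit inside a `contents: |` block scalar whose `- name:` line is above the hunk, so their indentation has to match the surrounding BGPConfiguration spec.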
+++ b/terraform/cloudflare/main.tf @@ -29,6 +29,16 @@ locals { } } +import { + to = cloudflare_zone.balsillie_net + id = var.zone_id +} + +import { + to = cloudflare_zone_dnssec.balsillie_net + id = var.zone_id +} + resource "cloudflare_zone" "balsillie_net" { account_id = data.cloudflare_accounts.default.accounts[0].id zone = "balsillie.net" diff --git a/terraform/cloudflare/secrets.auto.example b/terraform/cloudflare/secrets.auto.example index cd595e2..d4d3a0a 100644 --- a/terraform/cloudflare/secrets.auto.example +++ b/terraform/cloudflare/secrets.auto.example @@ -1,3 +1,4 @@ # Rename this file to "secrets.auto.tfvars" -api_token = "CHANGE ME" \ No newline at end of file +api_token = "CHANGE ME" +zone_id = "CHANGE ME" \ No newline at end of file diff --git a/terraform/cloudflare/variable_definitions.tf b/terraform/cloudflare/variable_definitions.tf index bbc7979..f8acd69 100644 --- a/terraform/cloudflare/variable_definitions.tf +++ b/terraform/cloudflare/variable_definitions.tf @@ -5,6 +5,13 @@ variable "api_token" { sensitive = true } +variable "zone_id" { + description = "The DNS zone id as siplayed in cloudflare dashboard." + type = string + default = "" + sensitive = false +} + variable "dns_records" { description = "DNS A records to create" type = list(object({ diff --git a/terraform/cloudflare/variables.auto.tfvars b/terraform/cloudflare/variables.auto.tfvars index c5757b1..3b5796e 100644 --- a/terraform/cloudflare/variables.auto.tfvars +++ b/terraform/cloudflare/variables.auto.tfvars 
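Review bot: Both `import` blocks use `id = var.zone_id`, and the `zone_id` variable added in `variable_definitions.tf` has `default = ""`, so a run that forgets to set it plans an import with an empty ID, which cannot succeed, instead of being told the value is required; drop the `default = ""` line so Terraform demands the value, or add a validation rejecting an empty string. Import blocks are a one-shot migration step, so once `cloudflare_zone.balsillie_net` and `cloudflare_zone_dnssec.balsillie_net` are in state these blocks can be removed in a follow-up and the file again describes only desired configuration. The DNSSEC block assumes `cloudflare_zone_dnssec` is imported by zone ID; a one-line comment above it saying so would save the next reader a trip to the provider docs.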
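Review bot: The description has a typo (`siplayed`) and should say where the value is found: `description = "Cloudflare zone ID for balsillie.net, as displayed in the zone overview of the Cloudflare dashboard."`. `sensitive = false` is the default and could be omitted, but next to `api_token`'s `sensitive = true` just above it reads as a deliberate statement that the ID may appear in plan output, which is reasonable to keep.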
@@ -1,28 +1,29 @@
+zone_id = "affce43bd72967adbe9ac9cc32c4532b"
+
 dns_records = [
- { name = "@", type = "TXT", content = "\"v=spf1 +ip4:5.161.254.39 -all\"", ttl = 60 },
+ { name = "@", type = "TXT", content = "\"v=spf1 +a:wan.balsillie.house -all\"", ttl = 60 },
 { name = "@", type = "TXT", content = "\"openpgp4fpr:2362b71cc210e435244d63dae81ed7810d966cd4\"", ttl = 60 },
 { name = "_dmarc", type = "TXT", content = "\"v=DMARC1; p=reject; rua=mailto:postmaster@balsillie.net; ruf=mailto:postmaster@balsillie.net; sp=reject; fo=1; aspf=s; adkim=s; ri=259200\"", ttl = 60 },
+ { name = "_mta-sts", type = "TXT", content = "\"v=STSv1; id=1734552187\"", ttl = 60 },
+ { name = "_smtp._tls", type = "TXT", content = "\"v=TLSRPTv1; rua=mailto:postmaster@balsillie.net\"", ttl = 60 },
 { name = "mail._domainkey", type = "TXT", content = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+URc62p2hXgTgt+1NEo8tCm1SWYPXlnsO9vQdz3SqM6SUXyV/nuLzHQBriJwEnL7sXlmMvfu7JkY4wx/q4nZUVqJ6P8tV4qqRTlPYf9EOtzdPetvz24NVcI8Jh1qo06K/JXTPwGssSDnacfC6B14Q06JPC+1Kx28pOu8XLZSJpwIDAQAB\"", ttl = 60 },
- { name = "@", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "www", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "cloud", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "imap", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "sieve", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "smtp", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "auth", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "autoconfig", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "autodiscover", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "code", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "im", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "matrix", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "@", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "account", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "auth", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "auth-admin", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "autoconfig", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "cloud", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "code", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "im", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "imap", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
 { name = "matrix-auth", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "matrix-client", type = "A", content = "5.161.254.39", ttl = 60 },
 { name = "matrix-federation", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "matrix-sync", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "mta-sts", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "notify", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "office", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "social", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "turn", type = "A", content = "5.161.254.39", ttl = 60 }
+ { name = "mta-sts", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "notify", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "office", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "smtp", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+ { name = "social", type = "CNAME", content = "wan.balsillie.house", ttl = 60 }
 ]
 mx_records = [
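Review bot: `{ name = "@", type = "CNAME", content = "wan.balsillie.house", ttl = 60 }` places a CNAME at the zone apex, where the same name already carries the SPF and openpgp4fpr TXT records (and the MX records in `mx_records`, which starts at the end of this hunk); a CNAME cannot coexist with other records at a name, so this only works because Cloudflare flattens apex CNAMEs into address answers — say so in a comment on that line, or use an A record at `@` if the zone might ever leave Cloudflare. The SPF change to `+a:wan.balsillie.house -all` drops `5.161.254.39` from the allowed senders while `matrix-auth`, `matrix-client` and `matrix-federation` still point at that address, so any mail that host sends for balsillie.net will now fail SPF under `-all`; if that host never sends mail a short comment confirming it would close the question. The new `_mta-sts` record commits you to serving the policy at `https://mta-sts.balsillie.net/.well-known/mta-sts.txt` with a certificate valid for that name (now via the `mta-sts` CNAME to `wan.balsillie.house`), with `mx` entries matching the MX names, and to bumping `id=1734552187` whenever the policy file changes. `zone_id` is committed here while `secrets.auto.example` also lists it as a value for `secrets.auto.tfvars`; both files are auto-loaded and the later one wins silently on a duplicate, so keep it in one place (this file is fine, the zone ID is not a credential) and drop it from the secrets example.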