
dns and talos

This commit is contained in:
= 2024-12-18 15:42:45 -05:00
parent 85d6fe5056
commit bde6a5f208
7 changed files with 49 additions and 23 deletions


@ -29,3 +29,4 @@ machine:
disabled: false disabled: false
servers: servers:
- 192.168.1.11 - 192.168.1.11
- 10.96.10.254


@ -4,6 +4,7 @@ machine:
hostname: node00.balsillie.house hostname: node00.balsillie.house
nameservers: nameservers:
- 192.168.1.11 - 192.168.1.11
- 10.96.10.254
interfaces: interfaces:
- deviceSelector: - deviceSelector:
hardwareAddr: 'f4:4d:30:6e:62:a7' hardwareAddr: 'f4:4d:30:6e:62:a7'
@ -11,5 +12,8 @@ machine:
routes: routes:
- network: 0.0.0.0/0 - network: 0.0.0.0/0
gateway: 192.168.1.11 gateway: 192.168.1.11
- network: 0.0.0.0/0
gateway: 10.96.10.254
addresses: addresses:
- 192.168.1.15/24 - 192.168.1.15/24
- 10.96.10.30/24
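Review bot: The new `0.0.0.0/0` route via 10.96.10.254 sits next to the existing default route via 192.168.1.11 with no `metric` on either, so the config does not say which gateway carries outbound traffic. If only one of the two paths is filtered or logged, that tie decides whether egress passes the control, and replies can leave on a different interface than the request arrived on. Give each route an explicit priority, for example `metric: 1024` on the intended default and `metric: 2048` on the fallback (values constructed for illustration), with a one-line comment naming the intended default network. The interface entry starts and ends outside the hunk, so a metric set elsewhere would not be visible here.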


@ -9,7 +9,7 @@ cluster:
extraManifests: extraManifests:
- https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
- https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml # - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
inlineManifests: inlineManifests:
- name: calico-installation - name: calico-installation
contents: | contents: |
@ -53,6 +53,8 @@ cluster:
asNumber: 64624 asNumber: 64624
serviceClusterIPs: serviceClusterIPs:
- cidr: 10.80.0.0/12 - cidr: 10.80.0.0/12
serviceExternalIPs:
- cidr: 10.96.20.0/24
- name: calico-bgppeer - name: calico-bgppeer
contents: | contents: |
apiVersion: crd.projectcalico.org/v1 apiVersion: crd.projectcalico.org/v1
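Review bot: The added `serviceExternalIPs` entry with `cidr: 10.96.20.0/24` appears to make Calico advertise over BGP any Service whose `spec.externalIPs` falls in that range, and Kubernetes does not verify ownership of an external IP. Anyone permitted to create or update a Service in any namespace can therefore have an address in that block routed to their pods. Before relying on this, limit Service write access or add an admission policy that allows `externalIPs` only from approved namespaces. A comment above the entry would also help, for example `# advertised to the BGP peer; externalIPs in this range are reachable from the LAN`. The inline manifest starts and ends outside the hunk, so the resource kind is inferred from the neighbouring `asNumber` and `serviceClusterIPs` fields.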


@ -29,6 +29,16 @@ locals {
} }
} }
import {
to = cloudflare_zone.balsillie_net
id = var.zone_id
}
import {
to = cloudflare_zone_dnssec.balsillie_net
id = var.zone_id
}
resource "cloudflare_zone" "balsillie_net" { resource "cloudflare_zone" "balsillie_net" {
account_id = data.cloudflare_accounts.default.accounts[0].id account_id = data.cloudflare_accounts.default.accounts[0].id
zone = "balsillie.net" zone = "balsillie.net"
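Review bot: The two `import` blocks have no comment saying they are a one-time adoption of the existing zone and its DNSSEC setting. Their `id = var.zone_id` form also needs a Terraform release that accepts expressions in import ids (1.6 or later, to my knowledge), and nothing visible here pins that. I would add `# One-time adoption of the existing Cloudflare zone; can be removed after the first successful apply` above them, and a `required_version = ">= 1.6"` constraint if the `terraform` block does not already have one. Check the first plan for `cloudflare_zone_dnssec.balsillie_net` before applying, so that adopting the resource does not change the zone's DNSSEC state. The `cloudflare_zone` resource body continues outside the hunk.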


@ -1,3 +1,4 @@
# Rename this file to "secrets.auto.tfvars" # Rename this file to "secrets.auto.tfvars"
api_token = "CHANGE ME" api_token = "CHANGE ME"
zone_id = "CHANGE ME"


@ -5,6 +5,13 @@ variable "api_token" {
sensitive = true sensitive = true
} }
variable "zone_id" {
description = "The DNS zone id as siplayed in cloudflare dashboard."
type = string
default = ""
sensitive = false
}
variable "dns_records" { variable "dns_records" {
description = "DNS A records to create" description = "DNS A records to create"
type = list(object({ type = list(object({
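Review bot: `default = ""` on the new `zone_id` variable means a forgotten value is passed to the import blocks as an empty id instead of raising a missing-variable error. Drop the `default` line so the variable is required, or keep it and add a `validation` block that rejects an empty string. The description has a typo and should read `"The DNS zone id as displayed in the Cloudflare dashboard."`. The same commit sets `zone_id` both in the secrets template and in the tracked tfvars file, so it is worth stating in the description which file is the intended source.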


@ -1,28 +1,29 @@
zone_id = "affce43bd72967adbe9ac9cc32c4532b"
dns_records = [ dns_records = [
{ name = "@", type = "TXT", content = "\"v=spf1 +ip4:5.161.254.39 -all\"", ttl = 60 }, { name = "@", type = "TXT", content = "\"v=spf1 +a:wan.balsillie.house -all\"", ttl = 60 },
{ name = "@", type = "TXT", content = "\"openpgp4fpr:2362b71cc210e435244d63dae81ed7810d966cd4\"", ttl = 60 }, { name = "@", type = "TXT", content = "\"openpgp4fpr:2362b71cc210e435244d63dae81ed7810d966cd4\"", ttl = 60 },
{ name = "_dmarc", type = "TXT", content = "\"v=DMARC1; p=reject; rua=mailto:postmaster@balsillie.net; ruf=mailto:postmaster@balsillie.net; sp=reject; fo=1; aspf=s; adkim=s; ri=259200\"", ttl = 60 }, { name = "_dmarc", type = "TXT", content = "\"v=DMARC1; p=reject; rua=mailto:postmaster@balsillie.net; ruf=mailto:postmaster@balsillie.net; sp=reject; fo=1; aspf=s; adkim=s; ri=259200\"", ttl = 60 },
{ name = "_mta-sts", type = "TXT", content = "\"v=STSv1; id=1734552187\"", ttl = 60 },
{ name = "_smtp._tls", type = "TXT", content = "\"v=TLSRPTv1; rua=mailto:postmaster@balsillie.net\"", ttl = 60 },
{ name = "mail._domainkey", type = "TXT", content = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+URc62p2hXgTgt+1NEo8tCm1SWYPXlnsO9vQdz3SqM6SUXyV/nuLzHQBriJwEnL7sXlmMvfu7JkY4wx/q4nZUVqJ6P8tV4qqRTlPYf9EOtzdPetvz24NVcI8Jh1qo06K/JXTPwGssSDnacfC6B14Q06JPC+1Kx28pOu8XLZSJpwIDAQAB\"", ttl = 60 }, { name = "mail._domainkey", type = "TXT", content = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+URc62p2hXgTgt+1NEo8tCm1SWYPXlnsO9vQdz3SqM6SUXyV/nuLzHQBriJwEnL7sXlmMvfu7JkY4wx/q4nZUVqJ6P8tV4qqRTlPYf9EOtzdPetvz24NVcI8Jh1qo06K/JXTPwGssSDnacfC6B14Q06JPC+1Kx28pOu8XLZSJpwIDAQAB\"", ttl = 60 },
{ name = "@", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "@", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "www", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "account", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "cloud", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "auth", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "imap", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "auth-admin", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "sieve", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "autoconfig", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "smtp", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "cloud", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "auth", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "code", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "autoconfig", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "im", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "autodiscover", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "imap", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "code", type = "A", content = "5.161.254.39", ttl = 60 },
{ name = "im", type = "A", content = "5.161.254.39", ttl = 60 },
{ name = "matrix", type = "A", content = "5.161.254.39", ttl = 60 },
{ name = "matrix-auth", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "matrix-auth", type = "A", content = "5.161.254.39", ttl = 60 },
{ name = "matrix-client", type = "A", content = "5.161.254.39", ttl = 60 },
{ name = "matrix-federation", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "matrix-federation", type = "A", content = "5.161.254.39", ttl = 60 },
{ name = "matrix-sync", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "mta-sts", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "mta-sts", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "notify", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "notify", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "office", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "office", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "smtp", type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
{ name = "social", type = "A", content = "5.161.254.39", ttl = 60 }, { name = "social", type = "CNAME", content = "wan.balsillie.house", ttl = 60 }
{ name = "turn", type = "A", content = "5.161.254.39", ttl = 60 }
] ]
mx_records = [ mx_records = [