dns and talos

2024-12-18 15:42:45 -05:00 · 2024-12-18 15:42:45 -05:00 · bde6a5f208
commit bde6a5f208
parent 85d6fe5056
7 changed files with 49 additions and 23 deletions
--- a/talos/patches/mc-all.yml
+++ b/talos/patches/mc-all.yml
@ -28,4 +28,5 @@ machine:
  time:
    disabled: false
    servers:
-      - 192.168.1.11
+      - 192.168.1.11
+      - 10.96.10.254
--- a/talos/patches/mc-node00.yml
+++ b/talos/patches/mc-node00.yml
@ -4,6 +4,7 @@ machine:
    hostname: node00.balsillie.house
    nameservers:
      - 192.168.1.11
+      - 10.96.10.254
    interfaces:
      - deviceSelector:
          hardwareAddr: 'f4:4d:30:6e:62:a7'
@ -11,5 +12,8 @@ machine:
        routes:
          - network: 0.0.0.0/0
            gateway: 192.168.1.11
+          - network: 0.0.0.0/0
+            gateway: 10.96.10.254
        addresses:
-          - 192.168.1.15/24
+          - 192.168.1.15/24
+          - 10.96.10.30/24
--- a/talos/talos-patch.yaml
+++ b/talos/talos-patch.yaml
@ -9,7 +9,7 @@ cluster:
  extraManifests:
    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
-    - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
+    # - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
  inlineManifests:
    - name: calico-installation
      contents: |
@ -53,6 +53,8 @@ cluster:
          asNumber: 64624
          serviceClusterIPs:
          - cidr: 10.80.0.0/12
+          serviceExternalIPs:
+          - cidr: 10.96.20.0/24
    - name: calico-bgppeer
      contents: |
        apiVersion: crd.projectcalico.org/v1
--- a/terraform/cloudflare/main.tf
+++ b/terraform/cloudflare/main.tf
@ -29,6 +29,16 @@ locals {
  }
 }

+import {
+  to = cloudflare_zone.balsillie_net
+  id = var.zone_id
+}
+
+import {
+  to = cloudflare_zone_dnssec.balsillie_net
+  id = var.zone_id
+}
+
 resource "cloudflare_zone" "balsillie_net" {
    account_id = data.cloudflare_accounts.default.accounts[0].id
    zone = "balsillie.net"
--- a/terraform/cloudflare/secrets.auto.example
+++ b/terraform/cloudflare/secrets.auto.example
@ -1,3 +1,4 @@
 # Rename this file to "secrets.auto.tfvars"

-api_token = "CHANGE ME"
+api_token = "CHANGE ME"
+zone_id = "CHANGE ME"
--- a/terraform/cloudflare/variable_definitions.tf
+++ b/terraform/cloudflare/variable_definitions.tf
@ -5,6 +5,13 @@ variable "api_token" {
    sensitive   = true
 }

+variable "zone_id" {
+    description = "The DNS zone id as siplayed in cloudflare dashboard."
+    type = string
+    default = ""
+    sensitive = false
+}
+
 variable "dns_records" {
    description = "DNS A records to create"
    type        = list(object({
--- a/terraform/cloudflare/variables.auto.tfvars
+++ b/terraform/cloudflare/variables.auto.tfvars
@ -1,28 +1,29 @@
+zone_id = "affce43bd72967adbe9ac9cc32c4532b"
+
 dns_records = [
-    { name = "@",                   type = "TXT",   content = "\"v=spf1 +ip4:5.161.254.39 -all\"", ttl = 60 },
+    { name = "@",                   type = "TXT",   content = "\"v=spf1 +a:wan.balsillie.house -all\"", ttl = 60 },
    { name = "@",                   type = "TXT",   content = "\"openpgp4fpr:2362b71cc210e435244d63dae81ed7810d966cd4\"", ttl = 60 },
    { name = "_dmarc",              type = "TXT",   content = "\"v=DMARC1; p=reject; rua=mailto:postmaster@balsillie.net; ruf=mailto:postmaster@balsillie.net; sp=reject; fo=1; aspf=s; adkim=s; ri=259200\"", ttl = 60 },
+    { name = "_mta-sts",            type = "TXT",   content = "\"v=STSv1; id=1734552187\"", ttl = 60 },
+    { name = "_smtp._tls",          type = "TXT",   content = "\"v=TLSRPTv1; rua=mailto:postmaster@balsillie.net\"", ttl = 60 },
    { name = "mail._domainkey",     type = "TXT",   content = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+URc62p2hXgTgt+1NEo8tCm1SWYPXlnsO9vQdz3SqM6SUXyV/nuLzHQBriJwEnL7sXlmMvfu7JkY4wx/q4nZUVqJ6P8tV4qqRTlPYf9EOtzdPetvz24NVcI8Jh1qo06K/JXTPwGssSDnacfC6B14Q06JPC+1Kx28pOu8XLZSJpwIDAQAB\"", ttl = 60 },
-    { name = "@",                   type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "www",                 type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "cloud",               type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "imap",                type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "sieve",               type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "smtp",                type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "auth",                type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "autoconfig",          type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "autodiscover",        type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "code",                type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "im",                  type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "matrix",              type = "A",     content = "5.161.254.39", ttl = 60 },
+    { name = "@",                   type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "account",             type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "auth",                type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "auth-admin",          type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "autoconfig",          type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "cloud",               type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "code",                type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "im",                  type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "imap",                type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
    { name = "matrix-auth",         type = "A",     content = "5.161.254.39", ttl = 60 },
+    { name = "matrix-client",       type = "A",     content = "5.161.254.39", ttl = 60 },
    { name = "matrix-federation",   type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "matrix-sync",         type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "mta-sts",             type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "notify",              type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "office",              type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "social",              type = "A",     content = "5.161.254.39", ttl = 60 },
-    { name = "turn",                type = "A",     content = "5.161.254.39", ttl = 60 }
+    { name = "mta-sts",             type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "notify",              type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "office",              type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "smtp",                type = "CNAME", content = "wan.balsillie.house", ttl = 60 },
+    { name = "social",              type = "CNAME", content = "wan.balsillie.house", ttl = 60 }
 ]

 mx_records = [