feat: Version control DNS records

2025-02-12 10:33:42 -08:00 · 2025-02-12 10:33:42 -08:00 · 1d060128d3
commit 1d060128d3
parent 0cb4f35057
12 changed files with 92 additions and 7 deletions
--- a/dns/zones/dolo.mnke.org.zone
+++ b/dns/zones/dolo.mnke.org.zone
@ -0,0 +1,6 @@
+$ORIGIN dolo.mnke.org.
+@                     900       IN  SOA           dns-server. hostadmin 20 900 300 604800 900
+@                     3600      IN  NS            dns-server.
+@                     600       IN  ANAME         metal-01
+*                     600       IN  CNAME         metal-01
+metal-01              600       IN  A             10.0.185.128
--- a/dns/zones/home.mnke.org.zone
+++ b/dns/zones/home.mnke.org.zone
@ -0,0 +1,7 @@
+$ORIGIN home.mnke.org.
+@                     900       IN  SOA           dns-server. hostadmin 14 900 300 604800 900
+@                     3600      IN  NS            dns-server.
+db                    600       IN  CNAME         truenas
+nas                   600       IN  CNAME         truenas
+truenas               600       IN  A             10.0.0.160
+truenas-gpu           600       IN  A             10.0.0.250
--- a/dns/zones/jumper.mnke.org.zone
+++ b/dns/zones/jumper.mnke.org.zone
@ -0,0 +1,5 @@
+$ORIGIN jumper.mnke.org.
+@                     0         IN  SOA           dns-server. invalid. 1 900 300 604800 900
+@                     3600      IN  NS            dns-server.
+@                     600       IN  A             10.0.44.2
+*                     600       IN  A             10.0.44.2
--- a/dns/zones/mnke.org.zone
+++ b/dns/zones/mnke.org.zone
@ -0,0 +1,6 @@
+$ORIGIN mnke.org.
+@                     900       IN  SOA           dns-server. hostadmin 12 900 300 604800 900
+@                     3600      IN  NS            dns-server.
+authentik             600       IN  CNAME         authentik.dolo
+blog                  600       IN  CNAME         blog.dolo
+git                   600       IN  CNAME         git.jumper
--- a/dns/zones/stingray.mnke.org.zone
+++ b/dns/zones/stingray.mnke.org.zone
@ -0,0 +1,6 @@
+$ORIGIN stingray.mnke.org.
+@                     900       IN  SOA           dns-server. hostadmin 9 900 300 604800 900
+@                     3600      IN  NS            dns-server.
+@                     600       IN  ANAME         manager-01
+*                     600       IN  CNAME         manager-01
+manager-01            600       IN  A             10.0.42.32
--- a/k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml
+++ b/k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml
@ -0,0 +1,38 @@
+---
+# This file was automatically generated. Do not modify.
+apiVersion: v1
+kind: Service
+metadata:
+  name: dns-home-mnke-external
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: 10.0.123.123
+  ports:
+    - name: dns-home-mnke-external
+      port: 5380
+      targetPort: 5380
+
+---
+# This file was automatically generated. Do not modify.
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: dns-home-mnke-external
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`dns.home.mnke.org`)
+      kind: Rule
+      middlewares:
+        - name: local-allowlist
+          namespace: default
+      services:
+        - kind: Service
+          name: dns-home-mnke-external
+          port: 5380
+          passHostHeader: False
+  tls:
+    secretName: wildcard-mnke-org-tls
--- a/k8s/apps/ingressroutes/external/build/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/build/kustomization.yaml
@ -5,4 +5,5 @@ resources:
  - jellyfin-mnke.yaml
  - jellyfin-tonydu.yaml
  - seerr-mnke.yaml
-  - seerr-tonydu.yaml
+  - seerr-tonydu.yaml
+  - dns-home-mnke.yaml
--- a/k8s/apps/ingressroutes/external/templater/main.py
+++ b/k8s/apps/ingressroutes/external/templater/main.py
@ -26,6 +26,7 @@ resources:
  {%- for filename in filenames %}
  - {{ filename }}
  {%- endfor %}
+
 ''')

 def main(args):
--- a/k8s/apps/ingressroutes/external/templater/values.yaml
+++ b/k8s/apps/ingressroutes/external/templater/values.yaml
@ -37,3 +37,13 @@ proxies:
      - name: redirect-tonydu-me-mnke-org
        namespace: default

+  - service_name: dns-home-mnke
+    tls_secret_name: wildcard-mnke-org-tls
+    listen_host: dns.home.mnke.org
+    middlewares:
+      - name: local-allowlist
+        namespace: default
+    upstream_host: 10.0.123.123
+    upstream_port: 5380
+    pass_host_header: false
+
--- a/k8s/apps/ingressroutes/middlewares/kustomization.yaml
+++ b/k8s/apps/ingressroutes/middlewares/kustomization.yaml
@ -4,3 +4,4 @@ kind: Kustomization
 resources:
  - authentik.yaml
  - redirect-tonydu-me-mnke-org.yaml
+  - local-allowlist.yaml
--- a/k8s/apps/ingressroutes/middlewares/local-allowlist.yaml
+++ b/k8s/apps/ingressroutes/middlewares/local-allowlist.yaml
@ -0,0 +1,10 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: local-allowlist
+  namespace: default
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 10.0.0.0/16
--- a/tf/dns.tf
+++ b/tf/dns.tf
@ -1,6 +0,0 @@
-# resource "dns_a_record_set" "test" {
-  # zone      = "home.mnke.org."
-  # name      = "test"
-  # addresses = ["10.0.123.123"]
-  # ttl       = 300
-# }