From 1d060128d331c7d933bfb9db72c37cb3dea4c9b3 Mon Sep 17 00:00:00 2001 From: Tony Du Date: Wed, 12 Feb 2025 10:33:42 -0800 Subject: [PATCH] feat: Version control DNS records --- dns/zones/dolo.mnke.org.zone | 6 +++ dns/zones/home.mnke.org.zone | 7 ++++ dns/zones/jumper.mnke.org.zone | 5 +++ dns/zones/mnke.org.zone | 6 +++ dns/zones/stingray.mnke.org.zone | 6 +++ .../external/build/dns-home-mnke.yaml | 38 +++++++++++++++++++ .../external/build/kustomization.yaml | 3 +- .../ingressroutes/external/templater/main.py | 1 + .../external/templater/values.yaml | 10 +++++ .../middlewares/kustomization.yaml | 1 + .../middlewares/local-allowlist.yaml | 10 +++++ tf/dns.tf | 6 --- 12 files changed, 92 insertions(+), 7 deletions(-) create mode 100644 dns/zones/dolo.mnke.org.zone create mode 100644 dns/zones/home.mnke.org.zone create mode 100644 dns/zones/jumper.mnke.org.zone create mode 100644 dns/zones/mnke.org.zone create mode 100644 dns/zones/stingray.mnke.org.zone create mode 100644 k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml create mode 100644 k8s/apps/ingressroutes/middlewares/local-allowlist.yaml
diff --git a/dns/zones/dolo.mnke.org.zone b/dns/zones/dolo.mnke.org.zone
new file mode 100644
index 0000000..aed828b
--- /dev/null
+++ b/dns/zones/dolo.mnke.org.zone
@@ -0,0 +1,6 @@
+$ORIGIN dolo.mnke.org.
+@ 900 IN SOA dns-server. hostadmin 20 900 300 604800 900
+@ 3600 IN NS dns-server.
+@ 600 IN ANAME metal-01
+* 600 IN CNAME metal-01
+metal-01 600 IN A 10.0.185.128
diff --git a/dns/zones/home.mnke.org.zone b/dns/zones/home.mnke.org.zone
new file mode 100644
index 0000000..9c5391b
--- /dev/null
+++ b/dns/zones/home.mnke.org.zone
@@ -0,0 +1,7 @@
+$ORIGIN home.mnke.org.
+@ 900 IN SOA dns-server. hostadmin 14 900 300 604800 900
+@ 3600 IN NS dns-server.
+db 600 IN CNAME truenas
+nas 600 IN CNAME truenas
+truenas 600 IN A 10.0.0.160
+truenas-gpu 600 IN A 10.0.0.250
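Review bot: The apex record `@ 600 IN ANAME metal-01` in dolo.mnke.org.zone uses ANAME, which is not a standardized RR type, so the zone only loads on a server that implements it; the same applies to `@ 600 IN ANAME manager-01` in stingray.mnke.org.zone. A `;` comment in both zones naming the dependency would save the next editor a failed zone load, e.g. `; ANAME is non-standard - requires a server that supports it`. Separately, none of the five zones carries an address record for `dns-server.`, which every one of them names as MNAME and NS, so a resolver handed that NS name has nothing to follow; presumably the authoritative server answers for itself, but a comment stating that would make the intent explicit.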
diff --git a/dns/zones/jumper.mnke.org.zone b/dns/zones/jumper.mnke.org.zone
new file mode 100644
index 0000000..93d59e4
--- /dev/null
+++ b/dns/zones/jumper.mnke.org.zone
@@ -0,0 +1,5 @@
+$ORIGIN jumper.mnke.org.
+@ 0 IN SOA dns-server. invalid. 1 900 300 604800 900
+@ 3600 IN NS dns-server.
+@ 600 IN A 10.0.44.2
+* 600 IN A 10.0.44.2
diff --git a/dns/zones/mnke.org.zone b/dns/zones/mnke.org.zone
new file mode 100644
index 0000000..c21d8bf
--- /dev/null
+++ b/dns/zones/mnke.org.zone
@@ -0,0 +1,6 @@
+$ORIGIN mnke.org.
+@ 900 IN SOA dns-server. hostadmin 12 900 300 604800 900
+@ 3600 IN NS dns-server.
+authentik 600 IN CNAME authentik.dolo
+blog 600 IN CNAME blog.dolo
+git 600 IN CNAME git.jumper
diff --git a/dns/zones/stingray.mnke.org.zone b/dns/zones/stingray.mnke.org.zone
new file mode 100644
index 0000000..e723dd8
--- /dev/null
+++ b/dns/zones/stingray.mnke.org.zone
@@ -0,0 +1,6 @@
+$ORIGIN stingray.mnke.org.
+@ 900 IN SOA dns-server. hostadmin 9 900 300 604800 900
+@ 3600 IN NS dns-server.
+@ 600 IN ANAME manager-01
+* 600 IN CNAME manager-01
+manager-01 600 IN A 10.0.42.32
diff --git a/k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml b/k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml
new file mode 100644
index 0000000..c7ca0f3
--- /dev/null
+++ b/k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml
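Review bot: The SOA in jumper.mnke.org.zone, `@ 0 IN SOA dns-server. invalid. 1 900 300 604800 900`, diverges from the other four zones: a zero TTL on the SOA means resolvers will not cache negative answers for this zone (RFC 2308 caps the negative-cache TTL at the SOA record's own TTL), and `invalid.` as the RNAME leaves no responsible-party contact. Unless the zero TTL is deliberate, align it with the others: `@ 900 IN SOA dns-server. hostadmin 1 900 300 604800 900`. The serials (20, 14, 1, 12, 9) are hand-maintained now that the zones are in git, so a one-line `;` comment at the top of each file reminding editors to bump the serial on every change would prevent stale data being served after a commit.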
@@ -0,0 +1,38 @@
+---
+# This file was automatically generated. Do not modify.
+apiVersion: v1
+kind: Service
+metadata:
+ name: dns-home-mnke-external
+ namespace: default
+spec:
+ type: ExternalName
+ externalName: 10.0.123.123
+ ports:
+ - name: dns-home-mnke-external
+ port: 5380
+ targetPort: 5380
+
+---
+# This file was automatically generated. Do not modify.
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: dns-home-mnke-external
+ namespace: default
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`dns.home.mnke.org`)
+ kind: Rule
+ middlewares:
+ - name: local-allowlist
+ namespace: default
+ services:
+ - kind: Service
+ name: dns-home-mnke-external
+ port: 5380
+ passHostHeader: False
+ tls:
+ secretName: wildcard-mnke-org-tls
diff --git a/k8s/apps/ingressroutes/external/build/kustomization.yaml b/k8s/apps/ingressroutes/external/build/kustomization.yaml
index 735d218..fdb6633 100644
--- a/k8s/apps/ingressroutes/external/build/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/build/kustomization.yaml
@@ -5,4 +5,5 @@ resources:
 - jellyfin-mnke.yaml
 - jellyfin-tonydu.yaml
 - seerr-mnke.yaml
- - seerr-tonydu.yaml
\ No newline at end of file
+ - seerr-tonydu.yaml
+ - dns-home-mnke.yaml
diff --git a/k8s/apps/ingressroutes/external/templater/main.py b/k8s/apps/ingressroutes/external/templater/main.py
index b798c25..1b5d19d 100755
--- a/k8s/apps/ingressroutes/external/templater/main.py
+++ b/k8s/apps/ingressroutes/external/templater/main.py
@@ -26,6 +26,7 @@ resources:
 {%- for filename in filenames %}
 - {{ filename }}
 {%- endfor %}
+
 ''')
 def main(args):
diff --git a/k8s/apps/ingressroutes/external/templater/values.yaml b/k8s/apps/ingressroutes/external/templater/values.yaml
index 420fbe8..52e23f9 100644
--- a/k8s/apps/ingressroutes/external/templater/values.yaml
+++ b/k8s/apps/ingressroutes/external/templater/values.yaml
@@ -37,3 +37,13 @@ proxies:
 - name: redirect-tonydu-me-mnke-org
 namespace: default
+ - service_name: dns-home-mnke
+ tls_secret_name: wildcard-mnke-org-tls
+ listen_host: dns.home.mnke.org
+ middlewares:
+ - name: local-allowlist
+ namespace: default
+ upstream_host: 10.0.123.123
+ upstream_port: 5380
+ pass_host_header: false
+
diff --git a/k8s/apps/ingressroutes/middlewares/kustomization.yaml b/k8s/apps/ingressroutes/middlewares/kustomization.yaml
index 8bfb746..8ad5645 100644
--- a/k8s/apps/ingressroutes/middlewares/kustomization.yaml
+++ b/k8s/apps/ingressroutes/middlewares/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization
 resources:
 - authentik.yaml
 - redirect-tonydu-me-mnke-org.yaml
+ - local-allowlist.yaml
diff --git a/k8s/apps/ingressroutes/middlewares/local-allowlist.yaml b/k8s/apps/ingressroutes/middlewares/local-allowlist.yaml
new file mode 100644
index 0000000..06c51fb
--- /dev/null
+++ b/k8s/apps/ingressroutes/middlewares/local-allowlist.yaml
@@ -0,0 +1,10 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: local-allowlist
+ namespace: default
+spec:
+ ipAllowList:
+ sourceRange:
+ - 127.0.0.1/32
+ - 10.0.0.0/16
diff --git a/tf/dns.tf b/tf/dns.tf
index 10f6bdd..e69de29 100644
--- a/tf/dns.tf
+++ b/tf/dns.tf
@@ -1,6 +0,0 @@
-# resource "dns_a_record_set" "test" {
- # zone = "home.mnke.org."
- # name = "test"
- # addresses = ["10.0.123.123"]
- # ttl = 300
-# }
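Review bot: `upstream_host: 10.0.123.123` in values.yaml is the same address the placeholder `# addresses = ["10.0.123.123"]` in the removed tf/dns.tf comment used, so please confirm it is the DNS server's real address rather than a leftover test value. The templater turns it into `externalName: 10.0.123.123` in the generated dns-home-mnke.yaml, and Kubernetes documents that an ExternalName which looks like an IPv4 address is treated as a hostname made of digits rather than as an IP, so whether this proxy resolves depends on the cluster DNS; a headless Service with an explicit EndpointSlice is the supported way to front a bare address. A short comment on the entry saying what listens on port 5380 would also help, since nothing in the file states what this proxy exposes.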
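Review bot: The `ipAllowList` in local-allowlist.yaml checks the client address as Traefik sees it, and this middleware is the only thing gating `dns.home.mnke.org` on the `websecure` entrypoint; if that entrypoint sits behind a load balancer or kube-proxy path that source-NATs traffic to a node or LB address inside 10.0.0.0/16, every client would match `- 10.0.0.0/16` and external traffic would pass. How traffic reaches the entrypoint is not visible in this commit, so confirm the original client IP arrives intact, or set `ipStrategy` under `ipAllowList` so the decision is made on the forwarded header from a trusted proxy. `- 127.0.0.1/32` only ever matches requests originating inside the Traefik pod, which is harmless but worth a comment stating why it is listed.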