feat: Version control DNS records

2025-02-12 10:33:42 -08:00 · 2025-02-12 10:33:42 -08:00 · 1d060128d3
commit 1d060128d3
parent 0cb4f35057
12 changed files with 92 additions and 7 deletions
--- a/dns/zones/dolo.mnke.org.zone
+++ b/dns/zones/dolo.mnke.org.zone
@ -0,0 +1,6 @@
 $ORIGIN dolo.mnke.org.
@                     900       IN  SOA           dns-server. hostadmin 20 900 300 604800 900
@                     3600      IN  NS            dns-server.
@                     600       IN  ANAME         metal-01
 *                     600       IN  CNAME         metal-01
 metal-01              600       IN  A             10.0.185.128
--- a/dns/zones/home.mnke.org.zone
+++ b/dns/zones/home.mnke.org.zone
@ -0,0 +1,7 @@
 $ORIGIN home.mnke.org.
@                     900       IN  SOA           dns-server. hostadmin 14 900 300 604800 900
@                     3600      IN  NS            dns-server.
 db                    600       IN  CNAME         truenas
 nas                   600       IN  CNAME         truenas
 truenas               600       IN  A             10.0.0.160
 truenas-gpu           600       IN  A             10.0.0.250
--- a/dns/zones/jumper.mnke.org.zone
+++ b/dns/zones/jumper.mnke.org.zone
@ -0,0 +1,5 @@
 $ORIGIN jumper.mnke.org.
@                     0         IN  SOA           dns-server. invalid. 1 900 300 604800 900
@                     3600      IN  NS            dns-server.
@                     600       IN  A             10.0.44.2
 *                     600       IN  A             10.0.44.2
--- a/dns/zones/mnke.org.zone
+++ b/dns/zones/mnke.org.zone
@ -0,0 +1,6 @@
 $ORIGIN mnke.org.
@                     900       IN  SOA           dns-server. hostadmin 12 900 300 604800 900
@                     3600      IN  NS            dns-server.
 authentik             600       IN  CNAME         authentik.dolo
 blog                  600       IN  CNAME         blog.dolo
 git                   600       IN  CNAME         git.jumper
--- a/dns/zones/stingray.mnke.org.zone
+++ b/dns/zones/stingray.mnke.org.zone
@ -0,0 +1,6 @@
 $ORIGIN stingray.mnke.org.
@                     900       IN  SOA           dns-server. hostadmin 9 900 300 604800 900
@                     3600      IN  NS            dns-server.
@                     600       IN  ANAME         manager-01
 *                     600       IN  CNAME         manager-01
 manager-01            600       IN  A             10.0.42.32
--- a/k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml
+++ b/k8s/apps/ingressroutes/external/build/dns-home-mnke.yaml
@ -0,0 +1,38 @@
 ---
 # This file was automatically generated. Do not modify.
 apiVersion: v1
 kind: Service
 metadata:
  name: dns-home-mnke-external
  namespace: default
 spec:
  type: ExternalName
  externalName: 10.0.123.123
  ports:
    - name: dns-home-mnke-external
      port: 5380
      targetPort: 5380
 ---
 # This file was automatically generated. Do not modify.
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: dns-home-mnke-external
  namespace: default
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`dns.home.mnke.org`)
      kind: Rule
      middlewares:
        - name: local-allowlist
          namespace: default
      services:
        - kind: Service
          name: dns-home-mnke-external
          port: 5380
          passHostHeader: False
  tls:
    secretName: wildcard-mnke-org-tls
--- a/k8s/apps/ingressroutes/external/build/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/build/kustomization.yaml
@ -5,4 +5,5 @@ resources:
  - jellyfin-mnke.yaml
  - jellyfin-tonydu.yaml
  - seerr-mnke.yaml
-  - seerr-tonydu.yaml
+  - seerr-tonydu.yaml
  - dns-home-mnke.yaml
--- a/k8s/apps/ingressroutes/external/templater/main.py
+++ b/k8s/apps/ingressroutes/external/templater/main.py
@ -26,6 +26,7 @@ resources:
  {%- for filename in filenames %}
  - {{ filename }}
  {%- endfor %}
 ''')
 def main(args):
--- a/k8s/apps/ingressroutes/external/templater/values.yaml
+++ b/k8s/apps/ingressroutes/external/templater/values.yaml
@ -37,3 +37,13 @@ proxies:
      - name: redirect-tonydu-me-mnke-org
        namespace: default
  - service_name: dns-home-mnke
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: dns.home.mnke.org
    middlewares:
      - name: local-allowlist
        namespace: default
    upstream_host: 10.0.123.123
    upstream_port: 5380
    pass_host_header: false
--- a/k8s/apps/ingressroutes/middlewares/kustomization.yaml
+++ b/k8s/apps/ingressroutes/middlewares/kustomization.yaml
@ -4,3 +4,4 @@ kind: Kustomization
 resources:
  - authentik.yaml
  - redirect-tonydu-me-mnke-org.yaml
  - local-allowlist.yaml
--- a/k8s/apps/ingressroutes/middlewares/local-allowlist.yaml
+++ b/k8s/apps/ingressroutes/middlewares/local-allowlist.yaml
@ -0,0 +1,10 @@
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: local-allowlist
  namespace: default
 spec:
  ipAllowList:
    sourceRange:
      - 127.0.0.1/32
      - 10.0.0.0/16
--- a/tf/dns.tf
+++ b/tf/dns.tf
@ -1,6 +0,0 @@
 # resource "dns_a_record_set" "test" {
  # zone      = "home.mnke.org."
  # name      = "test"
  # addresses = ["10.0.123.123"]
  # ttl       = 300
 # }