feat: deploy dns for all interfaces

feat: rework profiles::dns::client define

- reworked the profiles::dns::client to use new defaults
- removed static variables

feat: manage secondary interfaces

- define the primary interface for dns
- set primary interface as loopback0 for incus hosts
- add ip_sans for loopback interfaces
- add ssh principals for loopback interfaces
2025-05-11 12:18:19 +10:00
parent 3e0141bb1b
commit 19bc2002ee
3 changed files with 45 additions and 15 deletions
+11 -1
@@ -13,10 +13,18 @@ profiles::pki::vault::alt_names:
- incus.query.consul
- "incus.service.%{facts.country}-%{facts.region}.consul"
profiles::pki::vault::ip_sans:
- "%{hiera('networking_loopback0_ip')}"
- "%{hiera('networking_loopback1_ip')}"
- "%{hiera('networking_loopback2_ip')}"
profiles::ssh::sign::principals:
- incus.service.consul
- incus.query.consul
- "incus.service.%{facts.country}-%{facts.region}.consul"
- "%{hiera('networking_loopback0_ip')}"
- "%{hiera('networking_loopback1_ip')}"
- "%{hiera('networking_loopback2_ip')}"
# configure consul service
consul::services:
@@ -65,10 +73,12 @@ profiles::yum::global::repos:
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
mirrorlist: absent
# dns
profiles::dns::base::primary_interface: loopback0
# networking
systemd::manage_networkd: true
systemd::manage_all_network_files: true
#networking::use_networkd: true
networking::interfaces:
enp2s0:
type: physical
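Review bot: The `%{hiera('networking_loopback0_ip')}`, `…loopback1_ip` and `…loopback2_ip` entries under `profiles::pki::vault::ip_sans` and `profiles::ssh::sign::principals` (first hunk) are unconditional, so a host that matches this data file but lacks one of those keys may get an empty string in both lists, since a missing key in Hiera interpolation typically resolves to empty rather than failing the lookup. An empty IP SAN or SSH principal would then go into a signing request, where it either breaks the request or is carried into what the issued certificate is valid for. Confirm that all three keys are defined wherever this file applies, or have the consuming profiles drop empty entries before requesting the certificate; their definitions are not visible in this section. A comment above each list would also help the next reader, for example `# loopback IPs: each address listed here becomes an identity the host certificate is valid for`.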