From bc4246dd0511b73a9b1a921a530a636ea556e2c7 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 21 Apr 2024 22:55:06 +1000 Subject: [PATCH] feat: add new syd1 prod networks --- .../au/region/drw1/infra/dhcp/server.yaml | 22 ++++++++++++ hieradata/roles/infra/dns/master.yaml | 34 +++++++++++++----- hieradata/roles/infra/dns/resolver.yaml | 35 +++++++++++++++++++ hieradata/roles/infra/ntp/server.yaml | 2 ++ hieradata/roles/infra/puppet/master.yaml | 2 ++ modules/libs/lib/facter/subnet_facts.rb | 2 ++ 6 files changed, 89 insertions(+), 8 deletions(-) diff --git a/hieradata/country/au/region/drw1/infra/dhcp/server.yaml b/hieradata/country/au/region/drw1/infra/dhcp/server.yaml index 8136905..ca98e40 100644 --- a/hieradata/country/au/region/drw1/infra/dhcp/server.yaml +++ b/hieradata/country/au/region/drw1/infra/dhcp/server.yaml @@ -31,6 +31,28 @@ profiles::dhcp::server::pools: - 198.18.17.8 domain_name: main.unkin.net pxeserver: 198.18.17.48 + syd1-prod1: + network: 198.18.13.0 + mask: 255.255.255.0 + range: + - '198.18.13.200 198.18.13.220' + gateway: 198.18.13.254 + nameservers: + - 198.18.17.7 + - 198.18.17.8 + domain_name: main.unkin.net + pxeserver: 198.18.17.48 + syd1-prod2: + network: 198.18.14.0 + mask: 255.255.255.0 + range: + - '198.18.14.200 198.18.14.220' + gateway: 198.18.14.254 + nameservers: + - 198.18.17.7 + - 198.18.17.8 + domain_name: main.unkin.net + pxeserver: 198.18.17.48 drw1-prod: network: 198.18.17.0 mask: 255.255.255.0 diff --git a/hieradata/roles/infra/dns/master.yaml b/hieradata/roles/infra/dns/master.yaml index ef7d4c4..84ed6cc 100644 --- a/hieradata/roles/infra/dns/master.yaml +++ b/hieradata/roles/infra/dns/master.yaml @@ -6,6 +6,10 @@ profiles::dns::master::nameservers: profiles::dns::master::acls: acl-main.unkin.net: addresses: + - 198.18.13.0/24 + - 198.18.14.0/24 + - 198.18.15.0/24 + - 198.18.16.0/24 - 198.18.17.0/24 profiles::dns::master::zones: 
@@ -15,33 +19,47 @@ profiles::dns::master::zones: dynamic: false ns_notify: true source: '/var/named/sources/main.unkin.net.conf' - 17.18.198.in-addr.arpa: - domain: '17.18.198.in-addr.arpa' + 13.18.198.in-addr.arpa: + domain: '13.18.198.in-addr.arpa' zone_type: 'master' dynamic: false ns_notify: true - source: '/var/named/sources/17.18.198.in-addr.arpa.conf' - 16.18.198.in-addr.arpa: - domain: '16.18.198.in-addr.arpa' + source: '/var/named/sources/13.18.198.in-addr.arpa.conf' + 14.18.198.in-addr.arpa: + domain: '14.18.198.in-addr.arpa' zone_type: 'master' dynamic: false ns_notify: true - source: '/var/named/sources/16.18.198.in-addr.arpa.conf' + source: '/var/named/sources/14.18.198.in-addr.arpa.conf' 15.18.198.in-addr.arpa: domain: '15.18.198.in-addr.arpa' zone_type: 'master' dynamic: false ns_notify: true source: '/var/named/sources/15.18.198.in-addr.arpa.conf' + 16.18.198.in-addr.arpa: + domain: '16.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/16.18.198.in-addr.arpa.conf' + 17.18.198.in-addr.arpa: + domain: '17.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/17.18.198.in-addr.arpa.conf' profiles::dns::master::views: master-zones: recursion: false zones: - main.unkin.net - - 17.18.198.in-addr.arpa - - 16.18.198.in-addr.arpa + - 13.18.198.in-addr.arpa + - 14.18.198.in-addr.arpa - 15.18.198.in-addr.arpa + - 16.18.198.in-addr.arpa + - 17.18.198.in-addr.arpa match_clients: - acl-main.unkin.net diff --git a/hieradata/roles/infra/dns/resolver.yaml b/hieradata/roles/infra/dns/resolver.yaml index b949c1a..18008a4 100644 --- a/hieradata/roles/infra/dns/resolver.yaml +++ b/hieradata/roles/infra/dns/resolver.yaml @@ -3,6 +3,9 @@ profiles::dns::resolver::acls: acl-main.unkin.net: addresses: - 198.18.21.160/27 + - 198.18.21.192/27 + - 198.18.13.0/24 + - 198.18.14.0/24 - 198.18.15.0/24 - 198.18.16.0/24 - 198.18.17.0/24 
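Review bot: The resolver ACL hunk (`@@ -3,6 +3,9 @@` in hieradata/roles/infra/dns/resolver.yaml) adds `198.18.21.192/27` next to the two syd1 prod /24s, and that range appears nowhere else in this commit: not in the DHCP pools, the NTP or autosign lists, or subnet_facts.rb. `acl-main.unkin.net` is the ACL the resolver views list under `match_clients`, so every address added here presumably gains resolution through this resolver, including the internal forward zones. An unexplained range in that ACL should either carry a YAML comment above the entry, e.g. `# <network name / owner>: <why it needs the resolver>`, or move to its own commit with a description.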
@@ -21,6 +24,34 @@ profiles::dns::resolver::zones:
 forwarders:
 - 10.10.8.1
 forward: 'only'
+ 13.18.198.in-addr.arpa-forward:
+ domain: '13.18.198.in-addr.arpa'
+ zone_type: 'forward'
+ forwarders:
+ - 198.18.17.23
+ - 198.18.17.24
+ forward: 'only'
+ 14.18.198.in-addr.arpa-forward:
+ domain: '14.18.198.in-addr.arpa'
+ zone_type: 'forward'
+ forwarders:
+ - 198.18.17.23
+ - 198.18.17.24
+ forward: 'only'
+ 15.18.198.in-addr.arpa-forward:
+ domain: '15.18.198.in-addr.arpa'
+ zone_type: 'forward'
+ forwarders:
+ - 198.18.17.23
+ - 198.18.17.24
+ forward: 'only'
+ 16.18.198.in-addr.arpa-forward:
+ domain: '16.18.198.in-addr.arpa'
+ zone_type: 'forward'
+ forwarders:
+ - 198.18.17.23
+ - 198.18.17.24
+ forward: 'only'
 17.18.198.in-addr.arpa-forward:
 domain: '17.18.198.in-addr.arpa'
 zone_type: 'forward'
@@ -35,6 +66,10 @@ profiles::dns::resolver::views:
 zones:
 - main.unkin.net-forward
 - prod.unkin.net-forward
+ - 13.18.198.in-addr.arpa-forward
+ - 14.18.198.in-addr.arpa-forward
+ - 15.18.198.in-addr.arpa-forward
+ - 16.18.198.in-addr.arpa-forward
 - 17.18.198.in-addr.arpa-forward
 match_clients:
 - acl-main.unkin.net
diff --git a/hieradata/roles/infra/ntp/server.yaml b/hieradata/roles/infra/ntp/server.yaml
index fddfc78..839e32d 100644
--- a/hieradata/roles/infra/ntp/server.yaml
+++ b/hieradata/roles/infra/ntp/server.yaml
@@ -1,6 +1,8 @@
 ---
 profiles::ntp::client::client_only: false
 profiles::ntp::server::allowquery:
+ - '198.18.13.0/24'
+ - '198.18.14.0/24'
 - '198.18.15.0/24'
 - '198.18.16.0/24'
 - '198.18.17.0/24'
diff --git a/hieradata/roles/infra/puppet/master.yaml b/hieradata/roles/infra/puppet/master.yaml
index b5b6830..9d5468b 100644
--- a/hieradata/roles/infra/puppet/master.yaml
+++ b/hieradata/roles/infra/puppet/master.yaml
@@ -1,5 +1,7 @@
 ---
 profiles::puppet::autosign::subnet_ranges:
+ - '198.18.13.0/24'
+ - '198.18.14.0/24'
 - '198.18.15.0/24'
 - '198.18.16.0/24'
 - '198.18.17.0/24'
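Review bot: Adding `198.18.13.0/24` and `198.18.14.0/24` to `profiles::puppet::autosign::subnet_ranges` (hieradata/roles/infra/puppet/master.yaml) extends certificate autosigning to networks that this same commit turns into DHCP pools (`198.18.13.200 198.18.13.220` and `198.18.14.200 198.18.14.220`). If the profile autosigns purely on the requester's source address, any device that obtains a lease in those ranges would receive a signed agent certificate and could request a prod catalog; the profile code is not in this diff, so that needs confirming. Consider keeping the dynamic-lease ranges out of the autosign list, or pairing the subnet check with a policy-based autosign script that validates a `challengePassword` supplied through `csr_attributes.yaml`. At minimum, a comment such as `# syd1-prod1/2: contains DHCP range .200-.220, see dhcp/server.yaml` above the new entries would make the trust decision visible to the next reviewer.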
diff --git a/modules/libs/lib/facter/subnet_facts.rb b/modules/libs/lib/facter/subnet_facts.rb
index bbe7125..458c8e0 100644
--- a/modules/libs/lib/facter/subnet_facts.rb
+++ b/modules/libs/lib/facter/subnet_facts.rb
@@ -5,6 +5,8 @@ require 'ipaddr'
 # a class that creates facts based on the subnet
 class SubnetAttributes
 SUBNET_TO_ATTRIBUTES = {
+ '198.18.13.0/24' => { environment: 'prod', region: 'syd1', country: 'au' },
+ '198.18.14.0/24' => { environment: 'prod', region: 'syd1', country: 'au' },
 '198.18.15.0/24' => { environment: 'prod', region: 'syd1', country: 'au' },
 '198.18.16.0/24' => { environment: 'test', region: 'syd1', country: 'au' },
 '198.18.17.0/24' => { environment: 'prod', region: 'drw1', country: 'au' },
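Review bot: The two new keys in `SUBNET_TO_ATTRIBUTES` cannot be told apart from the existing `198.18.15.0/24` entry, since all three map to `environment: 'prod', region: 'syd1'`. A trailing comment per line naming the network, e.g. `# syd1-prod1` and `# syd1-prod2` as the pools are called in dhcp/server.yaml, would keep the table auditable. The same CIDRs are hand-copied in this commit into the DNS ACLs, NTP `allowquery` and the Puppet autosign list, and the master ACL hunk only now adds 15 and 16, so a header comment listing the files that must change together would help prevent drift. These facts appear to be derived from the agent's own address, so presumably nothing security-relevant should key on `environment` alone; confirm where the fact is consumed. The class body continues outside the hunk.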