0aec795aec
feat: manage externaldns bind ( #428 )
...
- add module to manage externaldns bind for k8s
- add infra::dns::externaldns role
- add 198.18.19.20 as anycast for k8s external-dns service
Reviewed-on: #428
2025-11-22 23:25:55 +11:00
6400c89853
feat: add vmcluster static targets ( #426 )
...
- add ability to list static targets for vmagent to scrape
- add vyos router to be scraped
Reviewed-on: #426
2025-11-20 20:19:53 +11:00
9eff241003
feat: add SMTP submission listener and enhance stalwart configuration ( #425 )
...
- add SMTP submission listener on port 587 with TLS requirement
- configure HAProxy frontend/backend for submission with send-proxy-v2 support
- add send-proxy-v2 support to all listeners
- add dynamic HAProxy node discovery for proxy trusted networks
- use service hostname instead of node FQDN for autoconfig/autodiscover
- remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates
- update VRRP CNAME configuration to use mail.main.unkin.net
Reviewed-on: #425
2025-11-09 18:48:06 +11:00
9dd74013ea
feat: create stalwart module ( #418 )
...
- add stalwart module
- add psql database on the shared patroni instance
- add ceph-rgw credentials to eyaml
- ensure psql pass and s3 access key are converted to sensitive
Reviewed-on: #418
2025-11-08 19:09:30 +11:00
5ba483c68a
feat: add ZFS facts to prevent zpool disk changes ( #410 )
...
- add zfs_zpools and zfs_datasets facts to detect existing ZFS resources
- skip zpool creation when pools already exist
Reviewed-on: #410
2025-10-18 21:24:33 +11:00
766233c3e5
fix: check if zfs-cache exists and isnt empty ( #409 )
...
- check the cache file exists, and isnt empty
- resolves idempotence for zpool-import-cache service
Reviewed-on: #409
2025-10-18 21:15:55 +11:00
d8b354558d
feat: add incus auto-client certificate trust ( #406 )
...
- add fact to export vault public cert from agents
- add fact to export list of trusted incus client certs
- add method for incus clients to export their client cert to be trusted
Reviewed-on: #406
2025-10-17 22:46:26 +11:00
fac90c66db
feat: use vault certificates for incus ( #405 )
...
- replace default incus certificates with vault-generated ephemeral certificates
- configure incus service to restart on certificate changes
Reviewed-on: #405
2025-10-17 17:22:09 +11:00
efbbb6bcb1
feat: moderate the k8s install ( #403 )
...
- only install a base config
- wait for 3 masters before deploying helm charts
- remove cluster-domain
- manage nginx ingres via rke2 helmconfig
Reviewed-on: #403
2025-10-12 17:50:24 +11:00
a9c959d924
fix: remove unicode from ceph-csi-yaml ( #400 )
...
Reviewed-on: #400
2025-09-21 00:41:06 +10:00
b224cfb516
fix: cattle-system namespace ( #399 )
...
- cattle-system namespace is created earlier than helm
- leave namespaces.yaml to manage cattle-system namespace (required
before installing helm/rancher)
Reviewed-on: #399
2025-09-21 00:21:41 +10:00
4c9204858e
feat: define node-token from puppet ( #398 )
...
- define the token on the bootstrap node too, so node-token is defined
for new clusters
Reviewed-on: #398
2025-09-20 22:25:56 +10:00
571a9b25a7
fix: resolve rke2-server errors ( #397 )
...
- kubectl yaml files must not use underscores
- replace unicode hyphen with ascii hyphen
Reviewed-on: #397
2025-09-20 18:40:18 +10:00
762f415d2d
feat: k8s helm rework ( #396 )
...
- remove helm-generated-yaml, replace with helm execs
- template/parameterise ceph csi
Reviewed-on: #396
2025-09-20 17:40:41 +10:00
4e77fb7ee7
feat: manage rancher, purelb, cert-manager ( #395 )
...
This change will install rancher, purelb and cert-manager, then
configure a dmz and common ip pool to be used by loadbalancers. The
nginx ingres controller is configured to use 198.18.200.0 (common) and
announce the ip from all nodes so that it becomes an anycast ip in ospf.
- manage the install of rancher, purelb and cert-manager
- add rancher ingress routes
- add nginx externalip/loadBalancer
Reviewed-on: #395
2025-09-14 20:59:39 +10:00
6e4bc9fbc7
feat: adding rke2 ( #394 )
...
- manage rke2 repos
- add rke2 module (init, params, install, config, service)
- split roles::infra::k8s::node -> control/compute roles
- moved common k8s config into k8s.yaml
- add bootstrap_node, manage server and token fields in rke2 config
- manage install of helm
- manage node attributes (from puppet facts)
- manage frr exclusions for service/cluster network
Reviewed-on: #394
2025-09-14 13:27:49 +10:00
fcd1b049d6
feat: ensure frr_exporter can read ospf socket ( #391 )
...
- add execute permission to frr socket directory
Reviewed-on: #391
2025-09-13 15:08:32 +10:00
0665873dc8
feat: update ospf source for learned routes ( #388 )
...
- enable changing the source address for learned ospf routes
- this enables the loopback0 interface to be used as a default src address
- ensure k8s nodes use loopback0 as default src
- ensure incus nodes use loopback0 as default src
Reviewed-on: #388
2025-09-07 16:09:21 +10:00
ac36d9627b
feat: capture all journald logs ( #377 )
...
- create module class for journald clients
- ensure module class it used on all hosts
- use consul service address for insert/journald
Reviewed-on: #377
2025-08-09 15:11:47 +10:00
1c71229fd3
feat: add victorialogs module ( #374 )
...
- add module for victorialogs
- add hieradata for vl insert/select/storage
- manage packages, directories, services, etc
- manage exporting metrics
Reviewed-on: #374
2025-08-08 23:59:46 +10:00
bbed65b4b8
benvin/frr_exporter ( #370 )
...
Reviewed-on: #370
2025-08-03 20:14:19 +10:00
75ca7a5685
feat: add frr_exporter class ( #369 )
...
- add frr exporter to all nodes running frr
Reviewed-on: #369
2025-08-03 16:15:29 +10:00
53fabc923b
feat: add nzbget_exporter ( #368 )
...
- add nzbget_exporter class
- add exporter to nzbget class
Reviewed-on: #368
2025-08-03 15:03:29 +10:00
7fbb87b4b6
feat: add exportarr ( #365 )
...
- add exporters::exportarr
- deploy for radarr, sonarr and prowlarr
Reviewed-on: #365
2025-07-27 19:47:26 +10:00
fd902c1437
feat: create exporters module ( #364 )
...
- upgrade node_exporter, bring managed under exporters module
- upgrade postgres_exporter, bring managed under exporters module
- add flag to cleanup previous iterations of exporters from prometheus module
- fix issues with vmclusster: replication + dedup
Reviewed-on: #364
2025-07-27 13:28:41 +10:00
0e64c9855a
feat: add vmcluster module ( #363 )
...
- manage vmstorage package, service and environment file
- manage vmselect package, service and environment file
- manage vminsert package, service and environment file
- manage vmagent package, service and environment file
- manage options for vmstorage, vmselect, vminsert, vmagent role
Reviewed-on: #363
2025-07-26 18:17:20 +10:00
3cfafbac44
feat: enable ceph on k8s nodes ( #362 )
...
- enable enough ceph/frr to join to cephfs
- notify sshd when restarting the network
- update ssh principals to include all ssh interfaces
Reviewed-on: #362
2025-07-19 20:30:46 +10:00
780a97dfe4
feat: add new cobbler master ( #355 )
...
- change cobbler.main.unkin.net to 2098
Reviewed-on: #355
2025-07-12 20:31:43 +10:00
9aa6472e5b
feat: ensure /etc/NetworkManager/conf.d exists ( #354 )
...
- required to create dns-none setting
Reviewed-on: #354
2025-07-12 14:19:22 +10:00
40c57ede59
feat: add ci build task ( #342 )
...
- a ci workflow for build tests
- run pre-commit against all files
Reviewed-on: #342
2025-07-08 20:19:36 +10:00
b976f2063a
feat: deploy redis for git ( #336 )
...
- deploy redis/sentinel ha cluster for git
- update redis to 7 (required for almalinux 9)
- enable requirepass/masterauth
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/336
2025-07-05 15:51:28 +10:00
a9faa098ee
benvin/grafana_postgres ( #334 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
2025-07-01 19:07:24 +10:00
715e88176b
chore: confine incus facts to incus ( #326 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/326
2025-06-28 21:24:08 +10:00
1837506b6c
feat: add incus facts ( #325 )
...
- incus container counts
- incus profile list
- allocated memory/cpu
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/325
2025-06-28 21:14:39 +10:00
62837bb22d
feat: add zone to subnet facts ( #320 )
...
- add common and dmz zone fact information
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/320
2025-06-21 15:42:37 +10:00
66fdd7b615
feat: update incus image host to run on incus ( #309 )
...
- remove zfs
- remove some sysctl values
- remove memlocks from limits
- install iptables, required for creating bridges
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/309
2025-06-08 22:58:44 +10:00
b3347f9226
chore: migrate media applications ( #299 )
...
- migrate media applications to new cephfs pool + incus
- enable exporting haproxy
- move ceph-client-setup to only apply to non-lxc hosts
- ensure unrar is installed for nzbget
- updated jellyfin use of data_dir
- set lxc instances for jellyfin to use /shared/apps/jellyfin
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/299
2025-05-25 20:27:17 +10:00
3079f7d000
feat: enable use of dhcp addresses in networkd ( #273 )
...
- change ipaddress to be optional
- add dhcp option
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/273
2025-05-03 23:51:17 +10:00
2321186ad5
neoloc/mpls_ldp_frr ( #255 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/255
2025-04-24 16:51:31 +10:00
c24babe309
feat: add incus image host ( #254 )
...
- add role
- add consul service + checks
- manage the datavol as zfs
- insure the incus fact exists before attempting to read it
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/254
2025-04-24 01:00:39 +10:00
8c76e71dc4
chore: set core.https_address for incus ( #249 )
...
- check the current config and update core.https_address if its wrong
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/249
2025-04-07 11:04:12 +10:00
0e3dd4d7d0
feat: initialise barebones server ( #248 )
...
- manage incus servers init
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/248
2025-04-06 23:56:50 +10:00
83d0b31753
fix: set default for use_networkd ( #247 )
...
- resolving issue where the systemd::manage_networkd is missing for most
hosts, setting a default
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/247
2025-04-06 19:24:39 +10:00
c225564bdb
feat: continue incus implementation ( #245 )
...
- migrate to systemd-networkd
- setup dummy, bridge and static/ethernet interfaces
- manage sshd.service droping to start ssh after networking is online
- enable ip forewarding
- add fastpool/data/incus dataset
- enable ospf and frr
- add loopback0 as ssh listenaddress
- add loopback1/2 for ceph cluster/public traffic
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/245
2025-04-06 16:38:04 +10:00
bdf420973d
feat: add incus module ( #230 )
...
- add a basic incus module
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/230
2025-03-30 01:12:53 +11:00
d0eb4c078d
feat: add zfs modules ( #225 )
...
- add zfs_core module to puppetfile (provides zfs/zpool provider)
- add module to manage zfs
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/225
2025-03-29 22:31:02 +11:00
adc0cf2c09
neoloc/lxd_hosts ( #223 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/223
2025-03-29 19:40:01 +11:00
8eb751e22f
feat: change enc_* fact to read direct from cobbler ( #219 )
...
- change enc_role and enc_env to read direct from cobbler
- cleanup profiles::base::facts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/219
2025-03-12 23:09:15 +11:00
afd3405c98
feat: add etcd module/role ( #215 )
...
- add etcd module
- add etcd role, profile and hieradata
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/215
2025-01-26 20:00:20 +11:00
4400456519
feat: add frrouting module ( #208 )
...
- add frrouting module
- enable ospf daemon on nomad agents
- enable docker volumes
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/208
2024-12-27 23:39:03 +11:00
