Ben Vincent
a7e9f1590e
- set syd1 as primary consul datacentre - add consul.service.consul zone - add nginx reverse proxy for consul webui - set dns zones/acls/views/keys to be deep merged from hiera - update default token - add consul/consul.service.consul/consul.main.unkin.net to vault cert
93 lines
2.2 KiB
YAML
93 lines
2.2 KiB
YAML
---
|
|
profiles::dns::resolver::acls:
|
|
acl-main.unkin.net:
|
|
addresses:
|
|
- 10.10.8.1/32
|
|
- 198.18.21.160/27
|
|
- 198.18.21.192/27
|
|
- 198.18.13.0/24
|
|
- 198.18.14.0/24
|
|
- 198.18.15.0/24
|
|
- 198.18.16.0/24
|
|
- 198.18.17.0/24
|
|
|
|
profiles::dns::resolver::zones:
|
|
8.10.10.in-addr.arpa-forward:
|
|
domain: '8.10.10.in-addr.arpa'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 10.10.16.32
|
|
- 10.10.16.33
|
|
forward: 'only'
|
|
16.10.10.in-addr.arpa-forward:
|
|
domain: '16.10.10.in-addr.arpa'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 10.10.16.32
|
|
- 10.10.16.33
|
|
forward: 'only'
|
|
20.10.10.in-addr.arpa-forward:
|
|
domain: '20.10.10.in-addr.arpa'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 10.10.16.32
|
|
- 10.10.16.33
|
|
forward: 'only'
|
|
unkin.net-forward:
|
|
domain: 'unkin.net'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 10.10.16.32
|
|
- 10.10.16.33
|
|
forward: 'only'
|
|
dmz.unkin.net-forward:
|
|
domain: 'dmz.unkin.net'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 10.10.16.32
|
|
- 10.10.16.33
|
|
forward: 'only'
|
|
network.unkin.net-forward:
|
|
domain: 'network.unkin.net'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 10.10.16.32
|
|
- 10.10.16.33
|
|
forward: 'only'
|
|
prod.unkin.net-forward:
|
|
domain: 'prod.unkin.net'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 10.10.16.32
|
|
- 10.10.16.33
|
|
forward: 'only'
|
|
consul.service.consul-forward:
|
|
domain: 'consul.service.consul'
|
|
zone_type: 'forward'
|
|
forwarders:
|
|
- 198.18.13.19
|
|
- 198.18.13.20
|
|
- 198.18.13.21
|
|
forward: 'only'
|
|
|
|
profiles::dns::resolver::views:
|
|
openforwarder:
|
|
recursion: true
|
|
zones:
|
|
- main.unkin.net-forward
|
|
- unkin.net-forward
|
|
- dmz.unkin.net-forward
|
|
- network.unkin.net-forward
|
|
- prod.unkin.net-forward
|
|
- consul.service.consul-forward
|
|
- 13.18.198.in-addr.arpa-forward
|
|
- 14.18.198.in-addr.arpa-forward
|
|
- 15.18.198.in-addr.arpa-forward
|
|
- 16.18.198.in-addr.arpa-forward
|
|
- 17.18.198.in-addr.arpa-forward
|
|
- 8.10.10.in-addr.arpa-forward
|
|
- 16.10.10.in-addr.arpa-forward
|
|
- 20.10.10.in-addr.arpa-forward
|
|
match_clients:
|
|
- acl-main.unkin.net
|