From bb03975105c189b71e588115b8357cf728852875 Mon Sep 17 00:00:00 2001 From: Sergey Antropoff Date: Sun, 26 Apr 2026 12:23:40 +0300 Subject: [PATCH] =?UTF-8?q?chore(yandex-dns-controller):=20=D0=B4=D0=BE?= =?UTF-8?q?=D0=B1=D0=B0=D0=B2=D0=B8=D1=82=D1=8C=20=D1=80=D0=B5=D0=B0=D0=BB?= =?UTF-8?q?=D1=8C=D0=BD=D1=8B=D0=B5=20DNS-=D0=B7=D0=BE=D0=BD=D1=8B=20?= =?UTF-8?q?=D0=B2=20defaults=20=D0=B8=20credentials=20=D0=B2=20vault.examp?= =?UTF-8?q?le?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../role/defaults/main.yml | 226 ++++++++++++++++-- group_vars/all/vault.yml.example | 8 + 2 files changed, 210 insertions(+), 24 deletions(-) diff --git a/addons/yandex-dns-controller/role/defaults/main.yml b/addons/yandex-dns-controller/role/defaults/main.yml index 8e0aebe..3f1307f 100644 --- a/addons/yandex-dns-controller/role/defaults/main.yml +++ b/addons/yandex-dns-controller/role/defaults/main.yml 
@@ -14,30 +14,208 @@ yandex_dns_controller_image: "python:3.11-slim" # token: "y0_..." # OAuth-токен: https://oauth.yandex.ru/ # ─── DNS zones ──────────────────────────────────────────────────────────────── -# Полное содержимое zones.yaml. # Контроллер обрабатывает все секции: records, systemRecords, coreRecords, # serviceRecords. Управляются только записи с managed: true. -# -# Пример: -# yandex_dns_controller_zones: -# domains: -# - name: example.ru -# -# # НЕ ТРОГАЕМ — только документация -# systemRecords: -# - name: "@" -# type: MX -# ttl: 21600 -# value: "mx.yandex.net." -# priority: 10 -# managed: false -# -# # УПРАВЛЯЕМ контроллером -# records: -# - name: k8s-ingress -# type: A -# ttl: 300 -# value: "192.168.1.100" -# managed: true +# Записи с managed: false — документация, контроллер их не трогает никогда. yandex_dns_controller_zones: - domains: [] + domains: + - name: antropoff.ru + + # 🔐 СИСТЕМНЫЕ (НЕ ТРОГАТЬ НИКОГДА) + systemRecords: + - name: "@" + type: MX + ttl: 21600 + value: "mx.yandex.net." + priority: 10 + managed: false + + - name: "@" + type: TXT + ttl: 21600 + value: "v=spf1 redirect=_spf.yandex.net" + managed: false + + - name: "mail" + type: CNAME + ttl: 21600 + value: "domain.mail.yandex.net." 
+ managed: false + + - name: "mail._domainkey" + type: TXT + ttl: 21600 + value: "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC59mCRjO+qdClA7G23vsdahQSVs9qMDr75shkzrrkemMMk9yTShREBN0x6to6zkhbN934mFlhHg0o+wjJ3v5LCbr2W44zpw6+WJsLz0+4PR2fk8AJOibDJ/MRVlevnsPLa0pGuhC6oHrHgodSo6SpaM7Y6R9FVGSacoJXwHBgLcQIDAQAB" + managed: false + + # 🌐 ОСНОВНЫЕ A (КРИТИЧНЫЕ) + coreRecords: + - name: "@" + type: A + ttl: 3600 + value: "217.150.201.203" + managed: false + + - name: "nl.antropoff.ru" + type: A + ttl: 3600 + value: "95.81.102.231" + managed: false + + - name: "db.antropoff.ru" + type: A + ttl: 3600 + value: "89.44.80.136" + managed: false + + # 🧩 СЕРВИСЫ (НЕ УДАЛЯЕМ) + serviceRecords: + - name: "uptime" + type: CNAME + ttl: 21600 + value: "vps.antropoff.ru." + managed: false + + - name: "cloud" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "contacts" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "files" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "git" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "hub" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "monitor" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "pgsql" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "plex" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "prometheus" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "s3" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "sql" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "torrents" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "vault" + type: CNAME + ttl: 3600 + value: "antropoff.ru." 
+ managed: false + + - name: "vpn" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "www" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "smart" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "backup" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "nas" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "router" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "s3-api" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "logs" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "todo" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "jump" + type: CNAME + ttl: 3600 + value: "antropoff.ru." + managed: false + + - name: "k8s-test" + type: CNAME + ttl: 300 + value: "antropoff.ru." + managed: true diff --git a/group_vars/all/vault.yml.example b/group_vars/all/vault.yml.example index a54e0bd..d7b01d3 100644 --- a/group_vars/all/vault.yml.example +++ b/group_vars/all/vault.yml.example @@ -124,3 +124,11 @@ vault_samba_password: "changeme-samba" # Transmission пароль веб-интерфейса vault_transmission_password: "changeme-transmission" + +# ─── Yandex 360 DNS Controller ──────────────────────────────────────────────── +# org_id: https://admin.yandex.ru/company-profile +# token: создай приложение на https://oauth.yandex.ru/ (scope: Управление записями DNS) +# затем: https://oauth.yandex.ru/authorize?response_type=token&client_id={CLIENT_ID} +yandex_dns: + org_id: "3312086" + token: "y0_ЗАМЕНИ_НА_OAUTH_ТОКЕН"
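Review bot: The role's `defaults/main.yml` now carries a real zone for antropoff.ru in place of the neutral `domains: []`, so every consumer of the role inherits this domain, including the one `managed: true` record (`k8s-test`). It also publishes a host inventory with the repository: the A-record addresses plus service names such as `vault`, `vpn`, `jump`, `router`, `nas` and `pgsql`. I would keep `domains: []` and the commented example in defaults, and move the real zone to inventory (`group_vars`), which overrides role defaults anyway. Separately, in `coreRecords` the names `nl.antropoff.ru` and `db.antropoff.ru` are written as full names while every other record uses a label relative to the zone (`mail`, `uptime`). If the controller appends the zone name, these would presumably describe `nl.antropoff.ru.antropoff.ru`, so `name: "nl"` and `name: "db"` would be consistent with the rest.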
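Review bot: `org_id: "3312086"` in `vault.yml.example` looks like a real Yandex 360 organisation id rather than a placeholder, unlike the token on the next line and the `changeme-…` values in the context above. Anyone who copies the example without editing it would point the controller at that organisation, and the id is published with the repository. A placeholder in the same style as the token avoids both, e.g. `org_id: "ЗАМЕНИ_НА_ORG_ID"`. If the file does not already say so above this hunk, a one-line comment that the real `vault.yml` must be encrypted with ansible-vault before it is committed would also help.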