chore(yandex-dns-controller): добавить реальные DNS-зоны в defaults и credentials в vault.example

Sergey Antropoff
2026-04-26 12:23:40 +03:00
parent 404347b535
commit bb03975105
2 changed files with 210 additions and 24 deletions


@@ -14,30 +14,208 @@ yandex_dns_controller_image: "python:3.11-slim"
# token: "y0_..." # OAuth-токен: https://oauth.yandex.ru/ # token: "y0_..." # OAuth-токен: https://oauth.yandex.ru/
# ─── DNS zones ──────────────────────────────────────────────────────────────── # ─── DNS zones ────────────────────────────────────────────────────────────────
# Полное содержимое zones.yaml.
# Контроллер обрабатывает все секции: records, systemRecords, coreRecords, # Контроллер обрабатывает все секции: records, systemRecords, coreRecords,
# serviceRecords. Управляются только записи с managed: true. # serviceRecords. Управляются только записи с managed: true.
# # Записи с managed: false — документация, контроллер их не трогает никогда.
# Пример:
# yandex_dns_controller_zones:
# domains:
# - name: example.ru
#
# # НЕ ТРОГАЕМ — только документация
# systemRecords:
# - name: "@"
# type: MX
# ttl: 21600
# value: "mx.yandex.net."
# priority: 10
# managed: false
#
# # УПРАВЛЯЕМ контроллером
# records:
# - name: k8s-ingress
# type: A
# ttl: 300
# value: "192.168.1.100"
# managed: true
yandex_dns_controller_zones: yandex_dns_controller_zones:
domains: [] domains:
- name: antropoff.ru
# 🔐 СИСТЕМНЫЕ (НЕ ТРОГАТЬ НИКОГДА)
systemRecords:
- name: "@"
type: MX
ttl: 21600
value: "mx.yandex.net."
priority: 10
managed: false
- name: "@"
type: TXT
ttl: 21600
value: "v=spf1 redirect=_spf.yandex.net"
managed: false
- name: "mail"
type: CNAME
ttl: 21600
value: "domain.mail.yandex.net."
managed: false
- name: "mail._domainkey"
type: TXT
ttl: 21600
value: "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC59mCRjO+qdClA7G23vsdahQSVs9qMDr75shkzrrkemMMk9yTShREBN0x6to6zkhbN934mFlhHg0o+wjJ3v5LCbr2W44zpw6+WJsLz0+4PR2fk8AJOibDJ/MRVlevnsPLa0pGuhC6oHrHgodSo6SpaM7Y6R9FVGSacoJXwHBgLcQIDAQAB"
managed: false
# 🌐 ОСНОВНЫЕ A (КРИТИЧНЫЕ)
coreRecords:
- name: "@"
type: A
ttl: 3600
value: "217.150.201.203"
managed: false
- name: "nl.antropoff.ru"
type: A
ttl: 3600
value: "95.81.102.231"
managed: false
- name: "db.antropoff.ru"
type: A
ttl: 3600
value: "89.44.80.136"
managed: false
# 🧩 СЕРВИСЫ (НЕ УДАЛЯЕМ)
serviceRecords:
- name: "uptime"
type: CNAME
ttl: 21600
value: "vps.antropoff.ru."
managed: false
- name: "cloud"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "contacts"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "files"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "git"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "hub"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "monitor"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "pgsql"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "plex"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "prometheus"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "s3"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "sql"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "torrents"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "vault"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "vpn"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "www"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "smart"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "backup"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "nas"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "router"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "s3-api"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "logs"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "todo"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "jump"
type: CNAME
ttl: 3600
value: "antropoff.ru."
managed: false
- name: "k8s-test"
type: CNAME
ttl: 300
value: "antropoff.ru."
managed: true
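Review bot: The `domains:` default now carries a live zone instead of `domains: []`, so the defaults file publishes origin addresses (the `coreRecords` A records) and a host inventory that names `vault`, `vpn`, `jump`, `router` and `pgsql`. Everyone with read access to the repository gets that map, and every consumer of the role inherits one site's data; keeping `domains: []` here and moving the real zone into that environment's inventory or group_vars avoids both. Separately, `name: "nl.antropoff.ru"` and `name: "db.antropoff.ru"` are full names without a trailing dot, while every other record uses a relative label. If the controller appends the zone name, these would become `nl.antropoff.ru.antropoff.ru`, so the expected form should be confirmed and made consistent. Indentation is not visible on this page, so the nesting under `domains:` could not be checked.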


@@ -124,3 +124,11 @@ vault_samba_password: "changeme-samba"
# Transmission пароль веб-интерфейса # Transmission пароль веб-интерфейса
vault_transmission_password: "changeme-transmission" vault_transmission_password: "changeme-transmission"
# ─── Yandex 360 DNS Controller ────────────────────────────────────────────────
# org_id: https://admin.yandex.ru/company-profile
# token: создай приложение на https://oauth.yandex.ru/ (scope: Управление записями DNS)
# затем: https://oauth.yandex.ru/authorize?response_type=token&client_id={CLIENT_ID}
yandex_dns:
org_id: "3312086"
token: "y0_ЗАМЕНИ_НА_OAUTH_ТОКЕН"
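Review bot: `org_id: "3312086"` looks like a real organisation identifier committed in an example file, next to a token that is correctly a placeholder; a placeholder such as `org_id: "CHANGE_ME"` would keep the example free of tenant-specific data. The setup comment points to `response_type=token`, which returns the OAuth token in the redirect URL fragment, so a line telling the operator to store it only in the encrypted vault file, and not leave it in browser history or shell logs, would help. The key is named `yandex_dns`, while the neighbouring secrets use the `vault_` prefix (`vault_samba_password`, `vault_transmission_password`); if that prefix is the project's convention for secrets, `vault_yandex_dns` would be consistent.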