K3S/addons/yandex-dns-controller/role/defaults/main.yml

---
# ─── Helm release ─────────────────────────────────────────────────────────────
yandex_dns_controller_namespace: "yandex-dns-controller"
yandex_dns_controller_release_name: "yandex-dns-controller"

# ─── CronJob settings ─────────────────────────────────────────────────────────
yandex_dns_controller_schedule: "*/5 * * * *"
yandex_dns_controller_dry_run: false
yandex_dns_controller_image: "python:3.11-slim"

# ─── API credentials (задаются в vault.yml) ───────────────────────────────────
# yandex_dns:
#   org_id: "3312086"        # ID организации: https://admin.yandex.ru/company-profile
#   token: "y0_..."          # OAuth-токен: https://oauth.yandex.ru/

# ─── DNS zones ────────────────────────────────────────────────────────────────
# Контроллер обрабатывает все секции: records, systemRecords, coreRecords,
# serviceRecords. Управляются только записи с managed: true.
# Записи с managed: false — документация, контроллер их не трогает никогда.
yandex_dns_controller_zones:
  domains:
    - name: antropoff.ru

      # 🔐 СИСТЕМНЫЕ (НЕ ТРОГАТЬ НИКОГДА)
      systemRecords:
        - name: "@"
          type: MX
          ttl: 21600
          value: "mx.yandex.net."
          priority: 10
          managed: false

        - name: "@"
          type: TXT
          ttl: 21600
          value: "v=spf1 redirect=_spf.yandex.net"
          managed: false

        - name: "mail"
          type: CNAME
          ttl: 21600
          value: "domain.mail.yandex.net."
          managed: false

        - name: "mail._domainkey"
          type: TXT
          ttl: 21600
          value: "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC59mCRjO+qdClA7G23vsdahQSVs9qMDr75shkzrrkemMMk9yTShREBN0x6to6zkhbN934mFlhHg0o+wjJ3v5LCbr2W44zpw6+WJsLz0+4PR2fk8AJOibDJ/MRVlevnsPLa0pGuhC6oHrHgodSo6SpaM7Y6R9FVGSacoJXwHBgLcQIDAQAB"
          managed: false

      # 🌐 ОСНОВНЫЕ A (КРИТИЧНЫЕ)
      coreRecords:
        - name: "@"
          type: A
          ttl: 3600
          value: "217.150.201.203"
          managed: false

        - name: "nl.antropoff.ru"
          type: A
          ttl: 3600
          value: "95.81.102.231"
          managed: false

        - name: "db.antropoff.ru"
          type: A
          ttl: 3600
          value: "89.44.80.136"
          managed: false

      # 🧩 СЕРВИСЫ (НЕ УДАЛЯЕМ)
      serviceRecords:
        - name: "uptime"
          type: CNAME
          ttl: 21600
          value: "vps.antropoff.ru."
          managed: false

        - name: "cloud"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "contacts"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "files"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "git"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "hub"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "monitor"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "pgsql"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "plex"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "prometheus"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "s3"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "sql"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "torrents"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "vault"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "vpn"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "www"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "smart"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "backup"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "nas"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "router"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "s3-api"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "logs"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "todo"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "jump"
          type: CNAME
          ttl: 3600
          value: "antropoff.ru."
          managed: false

        - name: "k8s-test"
          type: CNAME
          ttl: 300
          value: "antropoff.ru."
          managed: true