add IPv6 connectivity via Hurricane Electric 6in4 tunnel

- Add public_ipv6 variable and AAAA records for all 34 non-proxied services - Fix stale DNS records (85.130.108.6 → 176.12.22.76, old IPv6 → HE tunnel) - Update SPF record with current IPv4/IPv6 addresses - Add AAAA update support to Technitium DNS updater CLI - Pin mailserver MetalLB IP to 10.0.20.201 for stable pfSense NAT - pfSense: HE_IPv6 interface, strict firewall (80,443,25,465,587,993 + ICMPv6), socat IPv6→IPv4 proxy, removed dangerous "Allow all DEBUG" rules
2026-03-23 02:22:00 +02:00 · 2026-03-23 02:22:00 +02:00 · 644562454c
commit 644562454c
parent 813f523170
6 changed files with 63 additions and 5 deletions
--- a/cli/update_viktorbarzin_me_technitium.go
+++ b/cli/update_viktorbarzin_me_technitium.go
@ -69,8 +69,8 @@ func UpdatePublicIPViaTechnitiumAPI(newIp net.IP, username string, password stri
 			return errors.Wrap(err, "failed to get A record for ns server")
 		}
 		currIp := net.ParseIP(currIpStr)
-		fmt.Printf("updating record %s to %s\n", nsRecordName, newIp.String())
-		err = UpdateTechnitiumNSARecord(token, nsRecordName, currIp, newIp)
+		fmt.Printf("updating A record %s to %s\n", nsRecordName, newIp.String())
+		err = UpdateTechnitiumNSRecord(token, nsRecordName, "A", currIp, newIp)
 		if err != nil {
 			return errors.Wrap(err, "failed to update NS A record")
 		}
@ -78,12 +78,39 @@ func UpdatePublicIPViaTechnitiumAPI(newIp net.IP, username string, password stri
 	return nil
 }

-func UpdateTechnitiumNSARecord(token, domain string, currIp, newIp net.IP) error {
+func UpdatePublicIPv6ViaTechnitiumAPI(newIp net.IP, username string, password string) error {
+	token, err := createTechnitiumToken(username, password)
+	if err != nil {
+		return errors.Wrap(err, "failed to get technitium token")
+	}
+	for _, ns := range []string{"ns1", "ns2", "@"} {
+		nsRecordName := ""
+		if ns == "@" {
+			nsRecordName = "viktorbarzin.me."
+		} else {
+			nsRecordName = ns + ".viktorbarzin.me"
+		}
+		currIpStr, err := getRecordValue(token, nsRecordName, "AAAA")
+		if err != nil {
+			fmt.Printf("no existing AAAA record for %s, skipping\n", nsRecordName)
+			continue
+		}
+		currIp := net.ParseIP(currIpStr)
+		fmt.Printf("updating AAAA record %s to %s\n", nsRecordName, newIp.String())
+		err = UpdateTechnitiumNSRecord(token, nsRecordName, "AAAA", currIp, newIp)
+		if err != nil {
+			return errors.Wrap(err, "failed to update NS AAAA record")
+		}
+	}
+	return nil
+}
+
+func UpdateTechnitiumNSRecord(token, domain, recordType string, currIp, newIp net.IP) error {
 	baseURL := fmt.Sprintf("http://%s:5380/api/zones/records/update", TECHNITIUM_HOST)
 	params := map[string]string{
 		"token":        token,
 		"domain":       domain,
-		"type":         "A",
+		"type":         recordType,
 		"newIpAddress": newIp.String(),
 		"ipAddress":    currIp.String(),
 	}