add IPv6 connectivity via Hurricane Electric 6in4 tunnel
- Add public_ipv6 variable and AAAA records for all 34 non-proxied services - Fix stale DNS records (85.130.108.6 → 176.12.22.76, old IPv6 → HE tunnel) - Update SPF record with current IPv4/IPv6 addresses - Add AAAA update support to Technitium DNS updater CLI - Pin mailserver MetalLB IP to 10.0.20.201 for stable pfSense NAT - pfSense: HE_IPv6 interface, strict firewall (80,443,25,465,587,993 + ICMPv6), socat IPv6→IPv4 proxy, removed dangerous "Allow all DEBUG" rules
parent
813f523170
commit
644562454c
6 changed files with 63 additions and 5 deletions
|
|
@ -18,6 +18,10 @@ variable "cloudflare_tunnel_id" {
|
|||
variable "public_ip" {
|
||||
type = string
|
||||
}
|
||||
variable "public_ipv6" {
|
||||
type = string
|
||||
description = "Public IPv6 address for AAAA records (from HE tunnel broker)"
|
||||
}
|
||||
|
||||
|
||||
terraform {
|
||||
|
|
@ -99,6 +103,16 @@ resource "cloudflare_record" "non_proxied_dns_record" {
|
|||
}
|
||||
|
||||
|
||||
resource "cloudflare_record" "non_proxied_dns_record_ipv6" {
|
||||
for_each = local.cloudflare_non_proxied_names_map
|
||||
name = each.key
|
||||
content = var.public_ipv6
|
||||
proxied = false
|
||||
ttl = 1
|
||||
type = "AAAA"
|
||||
zone_id = var.cloudflare_zone_id
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "mail" {
|
||||
content = "mail.viktorbarzin.me"
|
||||
name = "viktorbarzin.me"
|
||||
|
|
|
|||