[reverse-proxy] Fix gw.viktorbarzin.me — point at 192.168.1.1 via EndpointSlice

The TP-Link gateway was wired via ExternalName `gw.viktorbarzin.lan`, but
Technitium has no record for that name (the router isn't a DHCP client and
Kea DDNS never registers it), so the ingress backend returned NXDOMAIN and
the `[External] gw` Uptime Kuma monitor was permanently failing.

Factory now accepts `backend_ip` as an alternative to `external_name`: it
creates a selector-less ClusterIP Service + manual EndpointSlice pointing
at the given IP, bypassing cluster DNS entirely. Used for gw (192.168.1.1);
the old ExternalName path is retained for every other service.

Also add a direct `port` monitor for the router in uptime-kuma's
internal_monitors list so we can tell a Cloudflare/tunnel outage apart
from the router itself being down. Extended the internal-monitor-sync
script to handle non-DB monitor types (hostname + port fields).
Viktor Barzin 2026-04-19 15:07:24 +00:00
parent 4b39fbb717
commit a86a97deb7
3 changed files with 112 additions and 25 deletions
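
The selector-less Service plus manual EndpointSlice pattern described in the commit message, written for the hashicorp/kubernetes Terraform provider. This is an added example, not the repository's factory module. The `reverse-proxy` namespace string, the resource names and the `managed-by` value are assumptions; `gw`, `192.168.1.1` and `443` are taken from the module call in the diff.

```hcl
locals {
  name       = "gw"
  namespace  = "reverse-proxy" # assumption: namespace name
  backend_ip = "192.168.1.1"
  port       = 443
}

# No selector: Kubernetes creates no endpoints for this Service by itself,
# so nothing is routed until a matching EndpointSlice exists.
resource "kubernetes_service_v1" "backend" {
  metadata {
    name      = local.name
    namespace = local.namespace
  }
  spec {
    type = "ClusterIP"
    port {
      name        = "https"
      port        = local.port
      target_port = local.port
      protocol    = "TCP"
    }
  }
}

# Hand-maintained slice. The kubernetes.io/service-name label is what binds
# it to the Service above; the port name must match the Service port name.
resource "kubernetes_endpoint_slice_v1" "backend" {
  metadata {
    name      = "${local.name}-manual"
    namespace = local.namespace
    labels = {
      "kubernetes.io/service-name"             = kubernetes_service_v1.backend.metadata[0].name
      "endpointslice.kubernetes.io/managed-by" = "terraform" # constructed value
    }
  }
  address_type = "IPv4"
  endpoint {
    # Literal IP, so the ingress controller never resolves a DNS name.
    addresses = [local.backend_ip]
  }
  port {
    name     = "https"
    port     = tostring(local.port)
    protocol = "TCP"
  }
}
```
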


@ -112,13 +112,11 @@ module "idrac" {
depends_on = [kubernetes_namespace.reverse-proxy]
}
# Can either listen on https or http; can't do both :/
# TODO: Not working yet
module "tp-link-gateway" {
source = "./factory"
dns_type = "proxied"
name = "gw"
external_name = "gw.viktorbarzin.lan"
backend_ip = "192.168.1.1"
port = 443
tls_secret_name = var.tls_secret_name
backend_protocol = "HTTPS"
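
Review bot: `dns_type = "proxied"` together with `backend_ip = "192.168.1.1"` and `port = 443` publishes the router's management interface under the public `gw` hostname, and none of the arguments visible in this module block sets any access control. Please confirm the factory puts authentication in front of this ingress by default, or pass the relevant argument explicitly here so the exposure is visible at the call site. Separately, `external_name` and `backend_ip` are described as alternatives, so the factory should fail the plan when both or neither are set, and the `# TODO: Not working yet` comment should go if it is still present after this change.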