viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1239 commits 2 branches 0 tags 2.3 GiB
Commit graph

19 commits

Author SHA1 Message Date
Viktor Barzin
f06b3ac0e4 [ci skip] Fix .viktorbarzin.lan.viktorbarzin.lan duplicate DNS queries 
Add CoreDNS catch-all block for viktorbarzin.lan.viktorbarzin.lan to
return NXDOMAIN immediately, preventing search domain expansion junk
queries from reaching Technitium. Add trailing dots to Prometheus
scrape targets (idrac, ups, ha-sofia) to bypass ndots expansion.
 2026-02-16 21:38:38 +00:00
Viktor Barzin
8107e5273c [ci skip] Fix Technitium DNS client IP logging: bypass Traefik L4 proxy 
DNS queries were going through Traefik's IngressRouteUDP, replacing
real client IPs with Traefik pod IPs (10.10.169.150) in Technitium logs.
Changed Technitium DNS service from NodePort to LoadBalancer with
externalTrafficPolicy: Local, removed dns-udp entrypoint and
IngressRouteUDP from Traefik, and updated CoreDNS to forward .lan
queries to Technitium's LoadBalancer IP directly.
 2026-02-16 21:16:16 +00:00
Viktor Barzin
c0a18c9c57 [ci skip] Manage CoreDNS Corefile in Terraform and block junk NxDomain queries 
Add kubernetes_config_map for CoreDNS to the technitium module, with a
template block for cluster.local.viktorbarzin.lan that returns NXDOMAIN
immediately. This prevents ndots:5 search domain expansion from flooding
Technitium with ~66k/day junk queries (e.g.
redis.redis.svc.cluster.local.viktorbarzin.lan).

Also enabled saveCache on Technitium so the DNS cache persists across
pod restarts.
 2026-02-15 21:51:12 +00:00
Viktor Barzin
f1e9fb9afe add tier to all deployments [ci skip] 2026-01-10 16:28:14 +00:00
Viktor Barzin
f1dde96d80 replace hardcoded namespace with module reference [ci skip] 2025-12-29 10:23:42 +00:00
Viktor Barzin
9efbbb4316 disable diun for technitium [ci skip] 2025-12-26 16:15:00 +00:00
Viktor Barzin
b1245d0c06 add message to not change nodeport service on technitium as that would mess up things [ci skip] 2025-01-25 17:21:57 +00:00
Viktor Barzin
13abb70576 use ingress factory for all hosted ingresses [ci skip] 2025-01-14 22:53:04 +00:00
Viktor Barzin
8f739d87f1 update diun annotations to correctly monitor for image version updates and update some services alongside[ci skip] 2024-12-30 14:01:38 +00:00
Viktor Barzin
72d780c26f replace oauth proxy with authentik auth [ci skip] 2024-11-18 22:06:31 +00:00
Viktor Barzin
b04a638500 add tecnitium token to homepage [ci skip] 2024-10-20 13:05:11 +00:00
Viktor Barzin
b576f89f43 add diun annotation [ci skip] 2024-08-17 20:23:20 +00:00
Viktor Barzin
a10bf5fc1d add technitium template to istio [ci skip] 2024-01-08 23:01:48 +00:00
Viktor Barzin
4efa47172c replace tls client cert auth with oauth and add localai stub [ci skip] 2023-10-22 14:07:18 +00:00
Viktor Barzin
719cc3436e update tls certs; add technitium doh open without recursion for now; add dashy web 2023-10-21 12:14:31 +00:00
Viktor Barzin
70f8ceef5b recreate technitium instance to avoid db losses [ci skip] 2023-09-16 19:33:48 +00:00
Viktor Barzin
fae0f42407 add oidc to headscale and move technitium to a nodeport service [ci skip] 2023-09-15 22:55:13 +00:00
Viktor Barzin
f1714a9baf set techniitum to nodeport to get source ip clients and remove bind [ci skip] 2023-09-15 13:57:53 +00:00
Viktor Barzin
9faa285819 replace bind-pihole-dnscrypt with technitium [ci skip] 2023-09-14 09:20:16 +00:00