Lumpiasty/klaster
0
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
Files
60ba0cfe907e7bd0606238a1b9a47b0d67da36e5
klaster/ansible/roles/routeros/tasks/containers.yml
T
Lumpiasty d3a067886e
ci/woodpecker/push/flux-reconcile-source Pipeline was successful
Details
ci/woodpecker/push/coredns-build Pipeline was successful
Details
ci/woodpecker/cron/renovate Pipeline was successful
Details
coredns: fix ENOTFOUND for own zone, enable dns64 for IPv4 clients 
Two Corefile changes:
- Add lumpiasty.xyz server block without dns64. Replaces the manual
  RouterOS static FWD entry (\"bypass nat64\") which returned NOERROR
  with empty answer instead of relaying NXDOMAIN. Combined with
  ndots:5 and pod search domains this made getaddrinfo stop at the
  search-suffixed candidate and fail with ENOTFOUND for valid names
  (kaneo -> authentik OAuth fetch failures). CoreDNS relays rcodes
  faithfully; internal zone keeps real AAAA for native IPv6.
- Add allow_ipv4 to dns64 (previously uncommitted): without it only
  queries arriving over IPv6 are synthesized, but all clients reach
  CoreDNS via RouterOS over IPv4, so translate_all never applied.
The RouterOS static FWD entry must be removed after deploying the new
image - ansible already declares only the ts.net entry, so a playbook
run handles it.
2026-06-13 02:45:30 +02:00

56 lines
1.6 KiB
YAML
Raw Blame History

---
- name: Configure container runtime defaults
community.routeros.api_find_and_modify:
ignore_dynamic: false
path: container config
find: {}
values:
tmpdir: tmp
- name: Configure container env lists
community.routeros.api_modify:
path: container envs
data: []
handle_absent_entries: remove
handle_entries_content: remove_as_much_as_possible
- name: Configure container mounts
community.routeros.api_modify:
path: container mounts
data:
- dst: /var/lib/tailscale
list: tailscale_state
src: /tailscale/state
handle_absent_entries: remove
handle_entries_content: remove_as_much_as_possible
- name: Configure containers
community.routeros.api_modify:
path: container
data:
- dns: 172.20.0.1
interface: veth-tailscale
logging: true
mountlists: tailscale_state
name: tailscale
remote-image: gitea.lumpiasty.xyz/lumpiasty/mikrotik-tailscale:stable
root-dir: tailscale/root
start-on-boot: true
- dns: 172.20.0.1
interface: veth-coredns
logging: true
name: coredns
remote-image: gitea.lumpiasty.xyz/lumpiasty/coredns-mikrotik:latest
root-dir: coredns/root
start-on-boot: true
# Tayga auto-configures from the veth addresses and routes — no env vars needed.
- interface: veth-tayga
logging: true
name: tayga
remote-image: ghcr.io/apalrd/tayga-nat64
root-dir: tayga/root
start-on-boot: true
workdir: /app
handle_absent_entries: remove
handle_entries_content: remove_as_much_as_possible
Reference in New Issue View Git Blame Copy Permalink