From 9908e869e441b198700f43f4c421358c582c52a2 Mon Sep 17 00:00:00 2001
From: Scotte Zinn <scotte@zinn.ca>
Date: Wed, 26 Feb 2025 15:53:49 -0500
Subject: [PATCH] feat: Dual DNS

---
 .taskfiles/Machine/Taskfile.yaml              | 55 ++++++++++++++-----
 .../{artemis => adguard}/AdGuardHome.yaml     |  4 +-
 ...ard.yaml => external-adguard-artemis.yaml} | 10 ++--
 .../external-adguard-titan.yaml               | 47 ++++++++++++++++
 .../external-services/kustomization.yaml      |  3 +-
 5 files changed, 96 insertions(+), 23 deletions(-)
 rename .taskfiles/Machine/files/{artemis => adguard}/AdGuardHome.yaml (99%)
 rename kubernetes/main/apps/networking/external-services/{external-adguard.yaml => external-adguard-artemis.yaml} (81%)
 create mode 100644 kubernetes/main/apps/networking/external-services/external-adguard-titan.yaml

diff --git a/.taskfiles/Machine/Taskfile.yaml b/.taskfiles/Machine/Taskfile.yaml
index 0d5195ce1d..7cec44a0eb 100644
--- a/.taskfiles/Machine/Taskfile.yaml
+++ b/.taskfiles/Machine/Taskfile.yaml
@@ -5,6 +5,8 @@ vars:
   MACHINE_ROOT_DIR: "{{.ROOT_DIR}}/.taskfiles/Machine"
   FILES_DIR: "{{.MACHINE_ROOT_DIR}}/files"
   SCRIPTS_DIR: "{{.MACHINE_ROOT_DIR}}/scripts"
+  # renovate: depName=AdguardTeam/AdGuardHome datasource=github-releases
+  ADGUARD_VERSION: v0.107.57
 
 tasks:
   fetch-certificate:
@@ -64,18 +66,6 @@ tasks:
       - ssh root@ragnar.zinn.tech chmod u+rw,g-wx,o-wx /etc/chrony/conf.d/0-ntp-allow.conf
       - ssh root@ragnar.zinn.tech systemctl restart chrony
 
-  update-titan-certificate:
-    desc: Update Titan certificate
-    cmds:
-      - ssh root@titan.zinn.tech mkdir -p /var/lib/gatus
-      - scp "{{.FILES_DIR}}/certificates/certificate.crt" root@titan.zinn.tech:/var/lib/gatus/certificate.crt
-      - ssh root@titan.zinn.tech chown gatus:gatus /var/lib/gatus/certificate.crt
-      - ssh root@titan.zinn.tech chmod u+rw,g-wx,o-wx /var/lib/gatus/certificate.crt
-      - scp "{{.FILES_DIR}}/certificates/certificate.key" root@titan.zinn.tech:/var/lib/gatus/certificate.key
-      - ssh root@titan.zinn.tech chown gatus:gatus /var/lib/gatus/certificate.key
-      - ssh root@titan.zinn.tech chmod u+rw,g-wx,o-wx /var/lib/gatus/certificate.key
-      - ssh root@titan.zinn.tech systemctl restart gatus
-
   update-styx-certificate:
     desc: Update Styx certificate
     cmds:
@@ -103,13 +93,24 @@ tasks:
       - ssh root@{{.MACHINE}}.zinn.tech systemctl restart unifi-core
 
   install-artemis-adguard:
-    desc: Install AdGuardHome
+    desc: Install Artemis AdGuardHome
     vars:
       # renovate: depName=AdguardTeam/AdGuardHome datasource=github-releases
       ADGUARD_VERSION: v0.107.57
     cmds:
       - ssh root@artemis.zinn.tech wget -q https://github.com/AdguardTeam/AdGuardHome/releases/download/{{.ADGUARD_VERSION}}/AdGuardHome_linux_arm64.tar.gz -O /opt/AdGuardHome_linux_arm64.tar.gz
       - ssh root@artemis.zinn.tech 'cd /opt && tar xf AdGuardHome_linux_arm64.tar.gz'
+      - ssh root@artemis.zinn.tech 'cd /opt/AdGuardHome && ./AdGuardHome -s install'
+
+  install-titan-adguard:
+    desc: Install Titan AdGuardHome
+    vars:
+      # renovate: depName=AdguardTeam/AdGuardHome datasource=github-releases
+      ADGUARD_VERSION: v0.107.57
+    cmds:
+      - ssh root@titan.zinn.tech wget -q https://github.com/AdguardTeam/AdGuardHome/releases/download/{{.ADGUARD_VERSION}}/AdGuardHome_linux_amd64.tar.gz -O /opt/AdGuardHome_linux_amd64.tar.gz
+      - ssh root@titan.zinn.tech 'cd /opt && tar xf AdGuardHome_linux_amd64.tar.gz'
+      - ssh root@titan.zinn.tech 'cd /opt/AdGuardHome && ./AdGuardHome -s install'
 
   install-artemis-docker:
     desc: Install docker
@@ -130,23 +131,47 @@ tasks:
       - ssh root@artemis.zinn.tech chmod -x /etc/cron.d/cloudflare-ddns
 
   restart-artemis-adguard:
-    desc: Restart AdGuardHome
+    desc: Restart Artemis AdGuardHome
     cmds:
       - ssh root@artemis.zinn.tech systemctl restart AdGuardHome
 
+  restart-titan-adguard:
+    desc: Restart Titan AdGuardHome
+    cmds:
+      - ssh root@titan.zinn.tech systemctl restart AdGuardHome
+
   update-artemis-configuration:
     desc: Update Artemis configuration
     cmds:
       - task: update-artemis-adguard-configuration
+        vars:
+          machine_ip: 10.0.0.8
       - task: update-artemis-gatus-configuration
 
   update-artemis-adguard-configuration:
     desc: Update Artemis AdGuardHome configuration
+    requires:
+      vars:
+        - machine_ip
     cmds:
-      - scp "{{.FILES_DIR}}/artemis/AdGuardHome.yaml" root@artemis.zinn.tech:/opt/AdGuardHome/AdGuardHome.yaml
+      - cat "{{.FILES_DIR}}/adguard/AdGuardHome.yaml" | sed -e "s/MACHINE_IP/{{.machine_ip}}/" > /tmp/AdGuardHome.yaml
+      - scp /tmp/AdGuardHome.yaml root@artemis.zinn.tech:/opt/AdGuardHome/AdGuardHome.yaml
+      - rm /tmp/AdGuardHome.yaml
       - ssh root@artemis.zinn.tech chmod og-rwx /opt/AdGuardHome/AdGuardHome.yaml
       - ssh root@artemis.zinn.tech systemctl restart AdGuardHome
 
+  update-titan-adguard-configuration:
+    desc: Update Titan AdGuardHome configuration
+    requires:
+      vars:
+        - machine_ip
+    cmds:
+      - cat "{{.FILES_DIR}}/adguard/AdGuardHome.yaml" | sed -e "s/MACHINE_IP/{{.machine_ip}}/" > /tmp/AdGuardHome.yaml
+      - scp /tmp/AdGuardHome.yaml root@titan.zinn.tech:/opt/AdGuardHome/AdGuardHome.yaml
+      - rm /tmp/AdGuardHome.yaml
+      - ssh root@titan.zinn.tech chmod og-rwx /opt/AdGuardHome/AdGuardHome.yaml
+      - ssh root@titan.zinn.tech systemctl restart AdGuardHome
+
   update-artemis-gatus-configuration:
     desc: Update Artemis AdGuardHome configuration
     cmds:
diff --git a/.taskfiles/Machine/files/artemis/AdGuardHome.yaml b/.taskfiles/Machine/files/adguard/AdGuardHome.yaml
similarity index 99%
rename from .taskfiles/Machine/files/artemis/AdGuardHome.yaml
rename to .taskfiles/Machine/files/adguard/AdGuardHome.yaml
index f203bfb7c0..aa3a1a77bd 100644
--- a/.taskfiles/Machine/files/artemis/AdGuardHome.yaml
+++ b/.taskfiles/Machine/files/adguard/AdGuardHome.yaml
@@ -2,7 +2,7 @@ http:
   pprof:
     port: 6060
     enabled: false
-  address: 10.0.0.8:3000
+  address: MACHINE_IP:3000
   session_ttl: 720h
 users:
   - name: admin
@@ -14,7 +14,7 @@ language: ""
 theme: auto
 dns:
   bind_hosts:
-    - 0.0.0.0
+    - MACHINE_IP
   port: 53
   anonymize_client_ip: false
   ratelimit: 200
diff --git a/kubernetes/main/apps/networking/external-services/external-adguard.yaml b/kubernetes/main/apps/networking/external-services/external-adguard-artemis.yaml
similarity index 81%
rename from kubernetes/main/apps/networking/external-services/external-adguard.yaml
rename to kubernetes/main/apps/networking/external-services/external-adguard-artemis.yaml
index 89e29066e8..44daeea051 100644
--- a/kubernetes/main/apps/networking/external-services/external-adguard.yaml
+++ b/kubernetes/main/apps/networking/external-services/external-adguard-artemis.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: adguard
+  name: adguard-artemis
 spec:
   ports:
     - protocol: TCP
@@ -12,9 +12,9 @@ spec:
 apiVersion: discovery.k8s.io/v1
 kind: EndpointSlice
 metadata:
-  name: adguard
+  name: adguard-artemis
   labels:
-    kubernetes.io/service-name: adguard
+    kubernetes.io/service-name: adguard-artemis
 addressType: IPv4
 ports:
   - name: http
@@ -28,14 +28,14 @@ endpoints:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: &app adguard
+  name: &app adguard-artemis
   labels:
     app.kubernetes.io/name: *app
     app.kubernetes.io/instance: *app
 spec:
   ingressClassName: internal-nginx
   rules:
-    - host: adguard.zinn.ca
+    - host: adguard-artemis.zinn.ca
       http:
         paths:
           - path: /
diff --git a/kubernetes/main/apps/networking/external-services/external-adguard-titan.yaml b/kubernetes/main/apps/networking/external-services/external-adguard-titan.yaml
new file mode 100644
index 0000000000..965697bed2
--- /dev/null
+++ b/kubernetes/main/apps/networking/external-services/external-adguard-titan.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: adguard-titan
+spec:
+  ports:
+    - protocol: TCP
+      port: 3000
+      targetPort: 3000
+---
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: adguard-titan
+  labels:
+    kubernetes.io/service-name: adguard-titan
+addressType: IPv4
+ports:
+  - name: http
+    appProtocol: http
+    protocol: TCP
+    port: 3000
+endpoints:
+  - addresses:
+      - "10.0.0.7"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: &app adguard-titan
+  labels:
+    app.kubernetes.io/name: *app
+    app.kubernetes.io/instance: *app
+spec:
+  ingressClassName: internal-nginx
+  rules:
+    - host: adguard-titan.zinn.ca
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: *app
+                port:
+                  number: 3000
diff --git a/kubernetes/main/apps/networking/external-services/kustomization.yaml b/kubernetes/main/apps/networking/external-services/kustomization.yaml
index 202464481c..57ff503d3f 100644
--- a/kubernetes/main/apps/networking/external-services/kustomization.yaml
+++ b/kubernetes/main/apps/networking/external-services/kustomization.yaml
@@ -3,6 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - external-adguard.yaml
+  - external-adguard-artemis.yaml
+  - external-adguard-titan.yaml
   - external-birds.yaml
   - external-minio.yaml