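# Talos Configuration Templates
# Machine configurations and Talos-specific patterns

# Custom Talos Factory Image
# Uses factory image with Longhorn extension pre-installed
# Pinned by schematic ID and Talos version so every node boots the same
# reviewed image; kept quoted so the hex ID is never re-typed by a parser
TALOS_FACTORY_IMAGE: "613e1592b2da41ae5e265e8789429f22e121aab91cb4deb6bc3c0b6262961245:v1.10.4"

# Network Interface Configuration
---
apiVersion: v1alpha1
kind: MachineConfig
metadata:
  name: node-config
spec:
  machine:
    network:
      interfaces:
        # Public interface (DHCP + static configuration)
        - interface: enp7s0
          dhcp: true
          addresses:
            - 152.53.107.24/24  # Example for n1
          routes:
            - network: 0.0.0.0/0
              gateway: 152.53.107.1
        # Private VLAN interface (static configuration)
        - interface: enp9s0
          addresses:
            - 10.132.0.10/24  # Example for n1 (VLAN 1004963)
          vip:
            ip: 10.132.0.5  # Shared VIP for control plane HA
    # Node IP Configuration
    # Kept inside the same `machine:` mapping as `network:` above. A second
    # `machine:` key in this document would be a duplicate key, which most
    # YAML parsers resolve last-wins, silently dropping the interface config.
    kubelet:
      extraArgs:
        node-ip: 152.53.107.24  # Use public IP for node reporting

# Node IP Mappings (NetCup Cloud vLAN 1004963)
# All nodes are control plane nodes with shared VIP for HA
# n1: Public 152.53.107.24 + Private 10.132.0.10/24 (Control plane)
# n2: Public 152.53.105.81 + Private 10.132.0.20/24 (Control plane)
# n3: Public 152.53.200.111 + Private 10.132.0.30/24 (Control plane)
# VIP: 10.132.0.5 (shared VIP, nodes elect primary)

# Cluster Configuration
---
apiVersion: v1alpha1
kind: ClusterConfig
metadata:
  name: keyboardvagabond
spec:
  clusterName: keyboardvagabond.com
  controlPlane:
    endpoint: https://10.132.0.5:6443  # VIP endpoint for HA

  # Allow workloads on control plane
  allowSchedulingOnControlPlanes: true

  # CNI Configuration (Cilium)
  network:
    cni:
      name: none  # Cilium installed via Helm
    dnsDomain: cluster.local  # Standard domain for compatibility

  # API Server Configuration
  apiServer:
    extraArgs:
      # Enable aggregation layer for metrics
      # Quoted on purpose: extraArgs values are strings; an unquoted true
      # would be parsed as a YAML boolean
      enable-aggregator-routing: "true"

# Volume Configuration
# System disk: /dev/vda with 2-50GB ephemeral storage
# Longhorn storage: 400GB minimum on system disk at /var/lib/longhorn

# Administrative Access Commands
# Recommended: Use VIP endpoint for HA
# talosctl config endpoint 10.132.0.5  # VIP endpoint
# talosctl config node 10.132.0.5
# talosctl health
# talosctl dashboard (via Tailscale VPN only)
# Alternative: Individual node endpoints
# talosctl config endpoint 10.132.0.10 10.132.0.20 10.132.0.30
# talosctl config node 10.132.0.10
# kubectl Contexts:
# - admin@keyboardvagabond-tailscale (VIP: 10.132.0.5:6443 or node IPs) - ACTIVE
# - admin@keyboardvagabond.com (blocked by firewall, Tailscale-only access)
# Security Notes:
# - API access restricted to Tailscale CGNAT range (100.64.0.0/10)
# - Cilium host firewall blocks world access to ports 6443, 50000-50010
# - All administrative access requires Tailscale mesh VPN connection
# - Backup kubeconfig available as SOPS-encrypted portable configuration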